Responsible Disclosure

Responsible Vulnerability Disclosure Program

No technology is perfect. As a security company, we take the security of our products and services seriously. We believe that working together with other skilled security researchers across the globe is crucial to offering security solutions. We appreciate the work of the white hat community in responsibly reporting any vulnerabilities.

Contact Information

If you find a vulnerability in our software, please contact us immediately as part of this responsible disclosure program. Just send us an e-mail to security@crashtest-security.com.

Required Information

If possible/applicable, include the following information:

• Affected Product(s)/versions/URLs
• System Details (Operating System, etc.)
• Technical Description and Reproduction Steps
• Proof of Concept how the Vulnerability can be abused
• Impact of the Vulnerability
• Other Parties/Products Involved
• Disclosure Plans/Dates

We only accept submissions that contain a complete proof of concept that includes a description of how the Vulnerability can be abused and how this impacts the services of Crashtest Security.

In Scope

We accept submissions for this program for the following applications with a few exceptions:

• crashtest-security.com
• *.crashtest-security.com
• crashtest.cloud
• *.crashtest.cloud

Out of Scope

The following applications are out of scope:

• wiki.crashtest-security.com
• The chat functionality used on any of the sites in scope

Hall of Fame

We thank all security researchers that support our security efforts as part of our responsible disclosure program:

• Pethuraj M
• Alexey Petrenko
• Shivam Pandey
• Navdeep Singh
• Balamuralidharan M
• Vasanth Kumar
• Ayushmaan Banerjee
• Shubham Singh Jijania (Kush)
• Mohd Asif Khan
• Kunal Narsale
• Ahmed Salah Abdalhfaz
• Sheikh Mohd Aslam
• Subhamoy Guha
• Anjan Neema
• Max Bügler
• Md Sojib Islam Nirob