Reporting Security Vulnerabilities
If you identify a security issue, please contact us at tech@spotflow.one and include the following details:
- Description: A clear and concise explanation of the vulnerability.
- Steps to Reproduce: Detailed, easy-to-follow instructions to replicate the issue.
- Impact: The potential risk or harm that could arise from the vulnerability.
- Suggested Mitigations: (Optional) Your recommendation on how to fix the issue.
How We Handle Reports
- Acknowledgment: Our technical team will confirm receipt of your report promptly within a reasonable time frame.
- Assessment: We review and prioritize the report based on severity, impact, and exploitability.
- Resolution: We will provide an update on the expected resolution timeline if the issue is confirmed, already known and logged internally.
- Follow-up: We may reach out for additional information or clarification as needed.
No Monetary Rewards (Bug Bounty Program)
Currently, Spotflow does not have an official bug bounty program. While we deeply appreciate security researchers’ efforts, we do not offer monetary rewards for vulnerability disclosures. This ensures fairness for all individuals who report similar issues.
Recognition & Appreciation
We highly value the contributions of ethical researchers. While Spotflow does not currently offer a formal, paid bug bounty program, we believe in tangible appreciation. For valid security reports, we would be delighted to consider a premium Spotflow Swag Pack/Build-Kit as a token of our sincere thanks.
Responsible Disclosure Guidelines
To ensure an ethical process and protect our platform and users, please adhere to these non-negotiable rules to avoid legal actions:
- Do Not Publicly Disclose vulnerabilities until our team has had a reasonable time to address them.
- Do Not Exploit the vulnerability beyond what is strictly necessary to demonstrate the issue.
- Do Not perform any activity that could disrupt our services through denial-of-service, spamming, or similar activities.

