Security Disclosure
How to Report Security Issues to Oivan
Please submit your report by email to security@oivan.com. In your report, please provide as much details as possible:
- What you found;
- Where exactly did you find it and steps to reproduce;
- EXAMPLE: If the vulnerability relates to a specific URI and a specific parameter, please provide that information in detail.
- Date and time (UTC) when you could reproduce the vulnerability (we may have deployed a new version since then);
- Browser version number, on which platform the browser is running (if applicable);
- Possible impact of the vulnerability or ways an attacker can leverage the vulnerability;
- Proof-of-Concept or functional exploit if available;
- Fix suggestion if available.
We would be thankful for any further relevant technical information that you may have, especially if reproduction is tricky.
We will carefully evaluate and acknowledge your security report within 5 working days. Please note at Oivan we don’t administer any Bug Bounty programs, however, we at Oivan care and acts responsibly toward information systems security and professions.
Guidelines for Responsible Disclosure
Please do:
- Share the security issue with us before making it public on message boards, mailing lists, and other forums.
- Wait until notified that the vulnerability has been resolved before disclosing it to others. Oivan takes the security of its clients very seriously, however some vulnerabilities take longer than others to resolve.
Please do not:
- Cause potential or actual damage to Oivan’s or Oivan’s clients’ systems, services or users.
- Use an exploit to view unauthorized data or corrupt data.
Please note that by submitting us a vulnerability report, you grant us a perpetual, worldwide, royalty-free, irrevocable and non-exclusive license and right, to use, modify, and incorporate your submission or any parts thereof into our services, products, or test systems without any further obligations or notices to you.