At SuperOps.ai, we understand that protecting customer data is a significant responsibility and is our highest priority. We truly value the assistance of security researchers and people from the security community to help us keep our systems and data secure. Responsible Disclosure of security vulnerabilities will help us ensure the security and privacy of all our users.
If you find any potential vulnerability in our products that meets the criteria listed below, please reach out to firstname.lastname@example.org.
You will hear from our InfoSec team within 24 hours of reporting the vulnerability.
SuperOps.ai will define the severity of the issue based on the impact and the ease of exploitation.
It may take 1 to 5 days to validate the reported vulnerability.
We will initiate necessary actions to fix the vulnerability in line with our commitment to security and privacy and notify you once we fix it.
When conducting security testing, please ensure that you do not violate any of our privacy policies, modify or delete unauthenticated user data, disrupt production servers, or degrade user experience in any way.
Conduct research only within the scope set out in our guidelines.
Use the identified communication channel, i.e., email@example.com, to report any vulnerability to us.
Documenting or publishing the vulnerability details in any public domain goes against our responsible disclosure policy.
We trust you to keep information about any vulnerability confidential until we have resolved the issue.
When you report a vulnerability to us, please provide the following details in the report:
Description and potential impact of the vulnerability.
A detailed description of the steps required to reproduce the vulnerability.
Where available, a video recording.
Your preferred name/handle for recognition in our Security researcher hall of fame.
Domains in scope
SQL/XXE Injection and command injection
Server-side request forgery (SSRF)
Remote code execution (RCE)
Misconfiguration issues on servers and application
Cross-site request forgeries (CSRF)
Cross-Site Scripting (XSS)
Authentication and authorization-related issues
Hall of fame
While we do not provide any reward for responsible disclosure of unique vulnerabilities and working with us to remediate them, we would like to convey our deepest gratitude to the security researchers publicly. As a gesture of appreciation and goodwill, we will add your name to our hall of fame.
We would like to recognize the efforts of the following individuals for their contribution to our responsible disclosure program.