Vulnerability Disclosure Policy

Purpose of this document

The safety of our customers and the services we offer them is a top priority at Djaboo. As a provider of services closely linked to personal and administrative data (CRM, invoicing, accounting), security is at the heart of all our developments.

Despite our constant vigilance, vulnerabilities may remain in our products.

This document outlines our policy for reporting vulnerabilities. It reflects our commitment to security and our appreciation for the efforts of the community of security experts.

Scope

  • All elements of the Djaboo application (web interface, API, etc.)
  • Services on the following domains:
      • www.djaboo.com
      • www.djaboo.app
      • api.djaboo.com

Disclosure Rules

Djaboo undertakes not to prosecute parties who report vulnerabilities, provided that the signatories:

  • Carry out security research without harming Djaboo, its customers, its employees or its service providers
  • Do not use, disclose or modify the data obtained during this research
  • Do not interfere with the proper functioning of the services
  • Do not perform a denial of service attack

Discovered vulnerabilities must be reported in a detailed report written in English.

The report should provide actual proof of the vulnerability as well as the steps needed to reproduce the flaw.

No personal data should be included in the report.

The signatories undertake not to publicly disclose the vulnerability without the explicit agreement of Djaboo.

The report should be sent to the address app@djaboo.com.

Note: the address app@djaboo.com is only intended for the collection of vulnerability reports. All other inquiries should be addressed to hello@djaboo.com.

Replies

Djaboo undertakes to respond to signatories.

If the reported vulnerability is confirmed, financial compensation may be granted to the signatories, at Djaboo's discretion.

In addition, the signatory may be mentioned on a public page managed by Djaboo.