Our terms here are a variation of Bugcrowd's Standard Disclosure Terms.
- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
- Provide us with a reasonable amount of time to resolve the issue before making any disclosures to the public or third-parties. Please note that we operate Deskpro in the cloud but we also ship to on-premise customers who operate the software on their own private infrastructure. So we may request a little extra time to coordinate with on-premise customers -- we want everyone to be safe.
- We expect you to operate in good faith to avoid privacy violations, destruction of data, and interruption or degradation of our service.
- Limit your tests to your own account or on accounts for which you have been given explicit permission by the account owner.
- Should you ever have access to data that is not your own, do not remove the data from our premises.
- Testing should be performed only on systems listed under the "Targets" section. Any other system is considered Out Of Scope.
- You should always create your own account for testing purposes.
- Actions which affect the integrity/availability of our service is prohibited. If you notice a performance degradation due to your tests, please stop immediately and reach out to us.
- Please include a description of the impact of any vulnerability. That means you should tell us how the vulnerability impacts the system or data security in a meaningful way.
- You are encouraged to submit a video or screenshot Proof-of-Concept with your submission. These files should not be stored publicly (e.g. YouTube or Imgur etc). If you need to submit a big file, please reach out to us and we will make special arrangements if necessary.
- Once you submit a vulnerability, do not disclose or share the vulnerability without permission from our team. In some cases we may need to coordinate disclosures.