This policy is intended to give guidance for submitting potential security issues (vulnerabilities) discovered on Picture A Gifts website other resources.
Following the responsible disclosure process allows us to take appropriate steps to address any vulnerabilities, thereby protecting our customers and systems.
The scope of this policy includes:
• Pictureagift.com
Picture A Gift currently runs a private bug bounty program on intigriti.com. We value those who take the time and effort to report security vulnerabilities.
If you have identified a vulnerability that you wish to disclose, we ask that you:
• Email hello@pictureagift.com with a high-level summary, including the type of vulnerability and affected domain.
• Don’t access unnecessary, excessive or significant amounts of data.
• Only use your own accounts to demonstrate impact. Don't target any of our customers’ accounts.
• Please do not discuss or post vulnerabilities without our consent (including blog posts, PoC's on YouTube and Vimeo).
• Don’t run any automated tools against our website or APIs (examples include, but are not limited to, Nikto, Burp scanner, Nessus, etc).
• Don’t target our physical security, perform any social engineering, denial of service, spam or target applications of third parties, or otherwise break any laws.
What you can expect from us:
• We’ll respond to you within 5 working days acknowledging your report.
• We’ll keep you up-to-date as we investigate and address your report.
This policy is intended to give guidance for submitting potential security issues (vulnerabilities) discovered on Picture A Gifts website other resources.
Following the responsible disclosure process allows us to take appropriate steps to address any vulnerabilities, thereby protecting our customers and systems.
The scope of this policy includes:
• Pictureagift.com
Picture A Gift currently runs a private bug bounty program on intigriti.com. We value those who take the time and effort to report security vulnerabilities.
If you have identified a vulnerability that you wish to disclose, we ask that you:
• Email hello@pictureagift.com with a high-level summary, including the type of vulnerability and affected domain.
• Don’t access unnecessary, excessive or significant amounts of data.
• Only use your own accounts to demonstrate impact. Don't target any of our customers’ accounts.
• Please do not discuss or post vulnerabilities without our consent (including blog posts, PoC's on YouTube and Vimeo).
• Don’t run any automated tools against our website or APIs (examples include, but are not limited to, Nikto, Burp scanner, Nessus, etc).
• Don’t target our physical security, perform any social engineering, denial of service, spam or target applications of third parties, or otherwise break any laws.
What you can expect from us:
• We’ll respond to you within 5 working days acknowledging your report.
• We’ll keep you up-to-date as we investigate and address your report.