How to report a vulnerability with a Biofidelity system or service
We appreciate reports of suspected vulnerabilities in any Biofidelity services or systems. We don’t currently operate a public bug bounty program, or offer monetary rewards for vulnerability reports. However, individuals may be acknowledged in product release notes as appropriate.
Please avoid reporting:
- Non-exploitable vulnerabilities, or reports that our services are configured in a manner that you believe could be improved, e.g. missing HTTP security headers or sub-optimal email-related configuration (SPF, DKIM, DMARC, etc.).
- TLS configuration weaknesses, for example weak cipher suite support or the presence of TLS 1.0 support.
To help us evaluate your report as quickly as possible, please include:
- Date and time you first made the discovery
- URL(s)/IP(s) where you found the issue
- The steps to reproduce or a proof-of-concept
- Any relevant tools used (including the version) and the output