Security Response Center
42Gears takes the security of its systems and data privacy very seriously. We constantly strive to make our systems safe for our customers to use. However, in the rare case that a security researcher or member of the general public discovers a security vulnerability in our systems and responsibly shares the details with us, we appreciate their contribution and work closely with them to address any reported issue with urgency. Further, we are happy to acknowledge their contributions publicly in line with the provisions mentioned herein.
Process to report an issue
- E-mail your findings to security-incidents@42gears.com. Please share your contact information with your mobile number.
- Do provide enough information to reproduce the problem (at least the information mentioned in the table is required), so we can resolve it as quickly as possible.
Title of the Vulnerability Technical Severity CVSS Score Vulnerability Details URL / Location of vulnerability (optional) Description: Attachments screenshots, videos, exploit code, Burp requests/responses (attach it in the email) - Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data.
- Do not disclose any vulnerabilities found on any public domain or disseminate your findings to any third party unless approved in writing by 42Gears to avoid the legal repercussions.
- Do not use attacks on physical security, social engineering, distributed denial of service, spam, etc.
Acknowledgements
We are not part of a cash/bug bounty program but are happy to issue a certificate of recognition with goodies to individuals who report valid security issues responsibly based on the T&C’s agreed then and help us make 42Gears systems more secure.