Responsible Disclosure Program

Vego Garden Responsible Disclosure Program

At Vego Garden, we are committed to ensuring the security and privacy of our customers, partners, and website visitors. We recognize the importance of identifying and addressing potential vulnerabilities in our systems and encourage security researchers to assist us in safeguarding our community by responsibly disclosing any security issues they may discover.

Guidelines for Responsible Disclosure

To promote a safe and secure online environment, we kindly ask that you adhere to the following guidelines when reporting potential security issues on vegogarden.com:

  1. Report Promptly: If you identify a potential security vulnerability, please notify us immediately. Avoid publicly disclosing the issue until we have resolved it.
  2. Avoid Service Disruption: Do not perform any actions that could cause harm to our website, customer data, or business operations. Please refrain from exploiting any identified vulnerabilities.
  3. Respect Privacy and Data Integrity: Access only information necessary to demonstrate the vulnerability. Do not interact with, access, or modify customer or employee data.
  4. Provide Clear Reproduction Steps: When submitting a report, include clear steps to reproduce the vulnerability. This will help our security team assess and address the issue effectively.

What to Include in Your Report

To help us understand the nature and potential impact of the vulnerability, please include:

  • A description of the vulnerability and its potential impact
  • Detailed steps or proof of concept to reproduce the vulnerability
  • Any supporting screenshots or files, if applicable

Scope of the Program

This program covers security vulnerabilities related to vegogarden.com. Examples of vulnerabilities that are eligible for reporting include, but are not limited to:

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Authentication or authorization flaws
  • SQL injection
  • Remote code execution

Please note that non-security-related bugs and issues outside our control (such as those in third-party services) are not within the scope of this program.

How to Report

If you believe you have discovered a security vulnerability on vegogarden.com, please contact us at:

What to Expect

Once we receive your report, our security team will:

  1. Acknowledge receipt of your report promptly.
  2. Investigate the reported issue and determine the validity and impact.
  3. Work to resolve the vulnerability as quickly as possible.
  4. Notify you when the issue has been resolved and, if appropriate, provide updates on the status of the investigation.

Safe Harbor

We are committed to working with ethical security researchers and will not pursue legal action against individuals who follow this Responsible Disclosure Program in good faith. We appreciate your commitment to protecting our platform and community.

Thank you for helping us keep Vego Garden safe and secure for everyone.

Vego Garden Security Team