Responsible Disclosure

Introduction

Reekoh is committed to strengthening its security posture to maintain customers' trust and confidence in our product offerings. We rely on our multi-layered security solutions, industry best practices, and the expertise of our professionals to enforce privacy and security at Reekoh. However, as we consistently strive to expand our product features and capabilities, it is possible for a vulnerability to slip past our rigorous security testing.

We recognize the expertise of cybersecurity researchers who advocate a secure World Wide Web and willingly help any organization improve the security and privacy of its websites. If you believe that you have found a security vulnerability on any of Reekoh's web-based systems, please report it to us via our email channel at [email protected]. We will acknowledge valid reports and respond with our assessment and plan of action as soon as possible.

Submission Guideline

  • Provide us with the following minimum information:
    • Issue Description
    • Issue Type(s), e.g., Injection, XSS, Privilege Escalation, etc.
    • URL / path where you found the weakness.
    • Detailed steps to reproduce the issue. Sufficient information helps us expedite the assessment and remediation effort. Please also provide as many screenshots as possible.
    • The tools you used to detect the weakness, if any.
    • Your name and contact information (email and phone number).
  • Do not publish or disclose your report(s) to anyone until we confirm to you that a resolution for the issue is available.
  • Do not further exploit the vulnerability by attacking, extracting data, altering our system, running automated scanners, or the like, which may affect the availability and integrity of our systems.
  • Surrender to us, and do not reveal in public, any data that you were able to retrieve from our systems. Securely erase all of this data from your system after submission.
  • Your report may contain sensitive information. Please submit your report in encrypted form using our public key (PGP) to avoid potential violation of privacy regulations.
  • Refrain from testing the weakness again after your submission, as it might interfere with our investigation. We will announce once the issue is remediated so that you can also confirm from your end.

Our Responsibilities

  1. Reekoh will mobilize our specialists to start investigating the issue as soon as possible.
  2. You may expect updates from us on our assessment and remediation progress.
  3. We will treat your report with confidentiality, and we likewise expect you to exercise the same, as stated in our Submission Guideline.

Our Appreciation

We appreciate the intent of helping us to improve our security. However, please note that this guideline does not include monetary rewards for any reports we receive. As our token of appreciation, we would like to associate the findings with you and publish them on our website to acknowledge your effort and contribution in improving our security posture. We will do this once you give us your consent.