Vulnerability Disclosure Policy
1. Policy Scope
At Bizzdesign, we do all we can to ensure our systems stay secure.
We appreciate any effort security researchers and experts make to help us improve the security of our systems, especially responsibly disclosing any finding that may impact us.
This includes our public websites, products, SaaS services and all supporting systems.
This program does not include any monetary compensation for reports.
2. Reporting a finding
If you believe you have found a potential security vulnerability in one of our systems, we encourage you to report it to us responsibly at security@bizzdesign.com.
Please ensure you include all details that may be useful for assessment and reproduction of the issue.
If you are a customer or are conducting an audit on behalf of one of our customers, we recommend you report findings through your usual support channels to ensure this context is taken into account.
3. Do not report
We encourage all submissions that affect the security of our systems.
However, unless proof of exploitation is provided, we exclude reports of the following types of issues:
- Outdated libraries
- TLS configuration issues that only affect older browsers or operating systems
- Incomplete or missing headers
- General non-security bugs (please share with our support team instead)
- Outputs of automated scans that have not been reviewed by a security researcher or expert
4. Responsible conduct
We encourage all responsible security investigations and disclosures. We respectfully require that you:
- Give us reasonable time for investigation and mitigation, and do not disclose your findings to others during this time
- Adhere to applicable laws and regulations; this includes, but is not limited to, not exploiting vulnerabilities and avoiding privacy violations
- Do not impact the availability of our systems
