Unpermitted Uses of Fund My Biz’s Website and Unpermitted Types of Security Research
Intentionally harming the experience or usefulness of the service to others. Causing, or attempting to cause, a Denial of Service (DoS) condition. Accessing, or attempting to access, data or information that does not belong to you.Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.If you are researching security issues, especially those which may compromise the privacy of others, please do so cautiously in order to respect our users’ privacy. When possible, you should conduct all vulnerability testing against non-production instances of our products to minimize the risk to data and services.
Out of Scope Vulnerabilities
We review security issues on a case-by-case basis. Here are some of the common low-risk issues that might not be considered serious security vulnerabilities by Fund My Biz:
Flaws affecting the users due to out-of-date browsers and plugins. Clickjacking on pages without sensitive content, authentication, or state changing actions. Vulnerabilities dependent upon social engineering techniques Brute force protection on login page. Logout cross-site request forgery. Any physical attempts against Fund My Biz property or data centers.
Our Security Commitment
For all security vulnerability reporters who follow this policy, Fund My Biz will attempt to do the following:
Acknowledge the receipt of your report. Investigate in a timely manner, confirming the potential vulnerability where possible. Provide a plan and time frame for addressing the vulnerability if appropriate. Notify the vulnerability reporter when the vulnerability has been resolved.
Acknowledging Contribution
Fund My Biz is pleased to recognize those who have helped make Fund My Biz services safer by finding and reporting security vulnerabilities according to this policy. Each name listed represents an individual or company who has privately disclosed one or more security vulnerabilities and worked with us to remediate the issue. With the agreement of the vulnerability reporter, Fund My Biz may acknowledge the reporter’s contribution during the public disclosure of the vulnerability so long as the reporter complies with this policy.Fund My Biz does not compensate for reporting security vulnerabilities.