BONKT

Security Vulnerability Disclosure Program

Image Image Image

Effective Date: 15.1.2024



Introduction


BONKT is committed to ensuring the security and privacy of our users. We recognize the valuable role that security researchers and the broader community play in helping us identify and address potential security vulnerabilities. This Security Vulnerability Disclosure Program outlines the guidelines for reporting such vulnerabilities to us.



What is Allowed:


  • Reporting Security Vulnerabilities:

    We encourage security researchers and users to responsibly disclose any security vulnerabilities they discover in the BONKT website, applications, or infrastructure.

  • Responsible and Coordinated Disclosure:

    Please make every effort to avoid privacy violations, disruption of service, and destruction of data during your research. We appreciate coordinated disclosure to allow us the opportunity to address the vulnerability before public disclosure.

  • Communication:

    Communication regarding the security vulnerability should be done discreetly and responsibly. We request that you do not share details of the vulnerability publicly until we have had sufficient time to address it.



What is Not Allowed:


  • Unauthorized Access:

    Any attempt to gain unauthorized access to BONKT systems, user accounts, or data is strictly prohibited.

  • Destructive Actions:

    Actions that could harm the integrity, availability, or confidentiality of our systems, data, or user accounts are not allowed.

  • Exploitation:

    Any exploitation of a security vulnerability, including the extraction of data or disruption of services, is not permitted.

  • Monetary Compensation:

    BONKT does not provide monetary rewards or compensation for security disclosures.



Reporting a Security Vulnerability:

  • Reporting Process:

    Please report security vulnerabilities to [email protected]

  • Include Details:

    Provide a detailed description of the vulnerability, including steps to reproduce and any supporting materials such as screenshots or proof-of-concept code.

  • Encryption:

    If possible, encrypt your report using our PGP key to protect sensitive information during transmission.



Our Commitment:

  • Acknowledgment:

    We will acknowledge receipt of your report promptly.

  • Investigation:

    Our security team will investigate and validate the reported vulnerability.

  • Resolution:

    We are committed to addressing and resolving valid security vulnerabilities in a timely manner.

  • Recognition:

    Where appropriate, we may acknowledge and recognize the efforts of security researchers who responsibly disclose security vulnerabilities.



Legal Considerations:

  • Safe Harbor:

    BONKT commits to not pursue legal action against security researchers who act in good faith and follow the guidelines outlined in this program.

  • Responsible Disclosure:

    Security researchers are expected to adhere to responsible and ethical disclosure practices.



By participating in our Security Vulnerability Disclosure Program, you contribute to the ongoing improvement of BONKT's security. We appreciate your collaboration in helping us maintain a safe and secure environment for our users.



Contact Information:

For any inquiries related to the Security Vulnerability Disclosure Program, please contact [email protected]