The Vulnerability Disclosure
Program
Security is important to us at Tamara. We constantly strive to ensure our customers feel safe and secure using our services. If you believe you have discovered a potential security vulnerability on any of our Tamara domains, report your findings to us so we can fix it as soon as possible - and earn rewards!
Reporting your findings:
Your reward will be reflected within 14 days from the date you submitted the report. You will be notified via email, SMS, or push notification.
- If you have an account on Bugcrowd, request an invitation to our Vulnerability Disclosure Program (send an invite).
- Otherwise, email your findings to security@tamara.co
Expectations
- Please provide a clear, concise description, along with steps to reproduce, Proof-of-Concept, URL, and details of the vulnerable system when submitting a vulnerability.
- Please give us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. Depending on the severity of the issue, it may take us a few days to get back to you with feedback.
Out-of-scopes techniques
- Denial of Service or brute force attacks unless they expose confidential data.
- Spam or social engineering techniques conducted on any Tamara employee, vendor or contractor.
- Vulnerabilities only affecting users of outdated or unpatched browsers and platforms.
- Password policy, Absence SPF/DMARC, Missing Security Header, Self-XSS, Login/Logout CSRF, Lacking CSRF (unless affect sensitive user action).