The Vulnerability Disclosure
Security is important to us at Tamara. We constantly strive to ensure our customers feel safe and secure using our services. If you believe you have discovered a potential security vulnerability on any of our Tamara domains, report your findings to us so we can fix it as soon as possible - and earn rewards!
Reporting your findings:
Your reward will be reflected within 14 days from the date you submitted the report. You will be notified via email, SMS, or push notification.
- If you have an account on Bugcrowd, request an invitation to our Vulnerability Disclosure Program (send an invite).
- Otherwise, email your findings to firstname.lastname@example.org
- Please provide a clear, concise description, along with steps to reproduce, Proof-of-Concept, URL, and details of the vulnerable system when submitting a vulnerability.
- Please give us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. Depending on the severity of the issue, it may take us a few days to get back to you with feedback.
- Denial of Service or brute force attacks unless they expose confidential data.
- Spam or social engineering techniques conducted on any Tamara employee, vendor or contractor.
- Vulnerabilities only affecting users of outdated or unpatched browsers and platforms.
- Password policy, Absence SPF/DMARC, Missing Security Header, Self-XSS, Login/Logout CSRF, Lacking CSRF (unless affect sensitive user action).