1. Reporting Security Flaws
Gadgetorf is concerned about security. Please follow the instructions below to notify us right away if you think you have found a security flaw in our systems.
2. Reporting Procedures
Reports of security vulnerabilities should be sent to security@gadgetorf.com.
Email subject: "Security Vulnerability Report"
3. Details to Provide
When reporting, please provide:
A detailed explanation of the vulnerability
Steps to reproduce the problem
Affected systems or URLs
Screenshots or proof-of-concept code, if available
Your contact details
4. Our Commitment
Within 24 hours, we will confirm that we have received your report.
We'll give frequent updates on our progress.
We will work with you to understand and verify the problem.
We'll let you know as soon as the vulnerability is fixed.
5. The Safe Harbor
We won't file a lawsuit against you if you:
Try your best to prevent data destruction and privacy violations.
Never alter or access data that is not yours.
Give us a fair amount of time to resolve the matter before making it public.
6. Vulnerabilities Outside of Scope
Generally speaking, the following problems are not regarded as security vulnerabilities:
Clickjacking on pages without any sensitive actions
CSRF on forms that anonymous users can access
Missing Secure/HttpOnly flags on non-sensitive cookies
Missing security headers whose absence does not cause a vulnerability
7. Timeline for Response
Initial response: 24 hours
Triage assessment: within three working days
Resolution time: Determined by severity and complexity
8. Appreciation
With your consent, we would like to honor your contribution in our security hall of fame.
9. Security Team Contact Details
Email: security@gadgetorf.com
PGP key: Upon request
Response time: 24 business hours
10. Contact Information for Emergencies
For urgent security concerns after hours:
Phone: +49 6221 1234567 (for security emergencies, listen to the voicemail instructions)
11. Updates to Policies
This policy may be revised periodically. Before submitting a report, please check back for the most recent version.