Testing
You may test only against an Account for which you are the Account Owner. In no event are you permitted to access, download or modify data residing in any other Account or that does not belong to you, or attempt to do any of the foregoing. You are also prohibited from:
- executing or attempting to execute any “Denial of Service” attack
- knowingly posting, transmitting, uploading, linking to, sending or storing any Malicious Software
- testing in a manner that would result in sending unsolicited or unauthorized junk mail, spam, pyramid schemes or other forms of duplicative or unsolicited messages
- testing in a manner that would degrade the operation of the Service
- testing or otherwise accessing or using the Service from any jurisdiction that is a Prohibited Jurisdiction
- testing third-party applications or websites or services that integrate with or link to the Service.
Application security
The application and repository data are available only to users defined in the workspace. There are two types of users: administrators with full access to all projects, and members who can only access projects to which they have been added. Members' scope of access is independently restricted (or expanded) for the source (Git repository) and pipelines (deployments) using custom permissions.
Reporting
Share the details of any suspected vulnerabilities with the Buddy Security Team by sending an email to security@buddy.works. Sending an email to any other address will void your ability to receive a reward. If you do not receive a reply within two business days, it means your report was not accepted. Please do not publicly disclose these details without express written consent from Buddy. In reporting any suspected vulnerabilities, please include the following information:
- Vulnerability details with information to allow us to efficiently reproduce your steps
- Your email address
- Your name as it should be displayed on this page, if you would like it to be displayed
- Your Twitter handle or website as it should be displayed
Compensation Requests
Requests for monetary compensation in connection with any identified or alleged vulnerability will be deemed noncompliant with this Responsible Disclosure Policy. If you identify a verified security vulnerability in compliance with this Responsible Disclosure Policy, Buddy commits to:
- Promptly acknowledge receipt of your vulnerability report
- Provide an estimated timetable for resolution of the vulnerability
- Notify you when the vulnerability is fixed
- Publicly acknowledge your responsible disclosure