Hello security researchers π
We invite you to investigate vulnerabilities in Maroo as long as your research follows this responsible research and disclosure policy.
β What you need to do
Avoid harm or risk to Maroo, our users, or third parties
Don't disclose your findings without our agreement
Report through a legitimate channel
β What you can't do
No privacy violations
No deletion or damage of resources
No lasting harm
Nothing that degrades our service
No creation or sharing of inappropriate content
No targeting our staff, investors or physical environment
π€ How we will respond
If you follow these guidelines, we commit to:
Not pursuing or supporting legal action related to your research
Working with you to understand issues, and resolve them if Maroo considers it necessary
Taking steps to make it known that your actions were conducted in compliance with these guidelines if a third party initiates legal action against you in connection with activities in our program's scope
πΈ Rewards
As part of encouraging security researchers to put our security to test, we offer a variety of rewards for doing so if:
The reported vulnerability is verifiable
It hasn't been reported already
You conducted your activities in a manner consistent with our guidelines
Rewards are provided at Maroo sole discretion based on severity of the bug and quality of the report.