Reporting Vulnerabilities
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
How to Report
Please email us at traviscatbot@gmail.com with the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes (if available)
What to Expect
- Acknowledgment: We will confirm receipt of your report within 48 hours
- Status Updates: We will provide updates on the progress of addressing the vulnerability
- Credit: With your permission, we will acknowledge your contribution in our Hall of Fame
Scope
The following are in scope for our security program:
- travis.swedencentral.cloudapp.azure.com
- All TravisBot web application functionality
- Authentication and authorization mechanisms
- Data protection and privacy features
Out of Scope
- Social engineering attacks
- Physical security vulnerabilities
- Denial of service attacks
- Issues in third-party services
Guidelines
We ask that you:
- Not exploit the vulnerability beyond what is necessary to prove it exists
- Not access, modify, or delete data that does not belong to you
- Give us reasonable time to address the vulnerability before disclosure
- Act in good faith and not for personal gain
Thank You
We appreciate your efforts to responsibly disclose security vulnerabilities. Your help keeps TravisBot and our users safe.