Vulnerability Disclosure Program

At Foqal, we develop some amazing stuff. But with innovation, comes the need for rigorous security measures. Our Vulnerability Disclosure Program is committed to fostering a collaborative approach to cybersecurity. We invite skilled researchers and ethical hackers to identify and report potential security weaknesses in our platform.

Scopes

Our VDP covers all domains and services managed by Foqal.io. We are particularly interested in vulnerabilities involving:
  • Remote Code Execution
  • Unauthorized access to data
  • Authentication & Authorization
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL Injecton

How to participate

To report a vulnerability, follow these steps:

1
Identify the Vulnerability: Ensure that the issue falls within the scope mentioned above.
2
Create a Detailed Report: Your report should include a description of the vulnerability, steps to reproduce the issue, the impact it could have, and your suggested remediation.
3
Submit the Report: Send your detailed findings to our dedicated security email: security@foqal.io. If you have sensitive data, please do not submit and wait for our response with a secure upload channel.
4
Review and Confirmation: Our security team will review your submission and may reach out for additional information.

Guidelines for Submission

  • Good Faith
    Engage in responsible behavior that avoids data theft, degradation of services, or unauthorized access.
  • Non-Disruptive Testing
    Do not compromise the experience of Foqal.io users. Avoid tests that may lead to service disruption.
  • Non-Disclosure
    Do not publicly disclose vulnerabilities before we have had the opportunity to investigate and mitigate them.

Recognition and Rewards

  • Acknowledgment
    Inclusion in our Hall of Fame.
  • Swag
    Exclusive Foqal merchandise for selected submissions.
  • Monetary Rewards (Future)
    Eligible vulnerabilities can receive financial compensation based on severity and impact.

Legal Safe Harbor

Foqal pledges not to initiate legal action against researchers who adhere to our Vulnerability Disclosure Program guidelines while identifying and reporting potential vulnerabilities. Your good faith effort to protect our users and platform is appreciated and respected.

Questions? (Not Vulnerability Submissions)

Have questions about the Vulnerability Disclosure Program? We are always happy to help. Please fill out the form below and let us know what we can help you with.