BibReady

Responsible Disclosure

At BibReady, we consider the security of our systems a top priority. Despite our best efforts to ensure the security of our systems, there might still be vulnerabilities. We appreciate the efforts of security researchers who help us identify and address potential security issues.

Reporting Guidelines

If you believe you've found a security vulnerability in our service, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly address the issue.

  • Email your findings to info@bibready.com
  • Provide sufficient information to reproduce the vulnerability
  • Include your contact information for follow-up questions
  • Allow reasonable time for us to address the issue before disclosing it to others

Scope

This policy applies to all BibReady systems, including our website, mobile applications, and backend infrastructure.

Our Process

When we receive a vulnerability report, we commit to:

  • Acknowledge receipt of your report as quickly as possible
  • Provide an initial assessment of the report
  • Keep you informed about our progress addressing the issue
  • Notify you when the vulnerability has been fixed

Legal Safe Harbor

To encourage responsible disclosure, we promise not to initiate legal action against researchers who:

  • Make a good faith effort to comply with this policy
  • Avoid intentionally harming our service or users
  • Do not access or modify user data without explicit permission
  • Act in accordance with applicable laws

What We Expect

In the interest of our users' security and privacy, we ask you to:

  • Make every effort to avoid privacy violations, data destruction, or service interruption
  • Only interact with your own accounts or test accounts for security research purposes
  • Not perform any action that could harm the reliability or integrity of our services
  • Securely delete any data retrieved during your research as soon as it's no longer needed

Out of Scope

The following types of reports may not qualify under this policy:

  • Reports of non-security related bugs or issues
  • Social engineering, phishing, physical, or DDoS attacks
  • Spam or automated vulnerability scans
  • Issues already known to us or previously reported

Contact Us

For questions about this policy or to report a vulnerability, please email us at info@bibready.com

Last updated: February 2025