You found a security vulnerability in one of the Awesome Gapps products, and you want to report it to us. This article explains you our policy in this respect and what is the procedure to report a security vulnerability you discovered in YAMM.
No technology is perfect, and Awesome Gapps believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you think you've found a security issue in one of the Awesome Gapps products, we encourage you to notify us at firstname.lastname@example.org. We welcome working with you to resolve the issue promptly.
Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to resolve the issue quickly.
Awesome Gapps values the members of the independent security research community who find security vulnerabilities and work with us so that security fixes can be issued to all customers. When a fix for the reported security bug is issued, Awesome Gapps' policy is to credit all researchers in the Release Notes. To receive credit, security researchers must follow this policy’s best practices, including:
- to only interact with accounts you own or with the explicit permission of the account holder;
- to not disclose the vulnerability to the public or to any third party before Awesome Gapps releasing a fix for it;
- to not disclose specifics of the issue, for example, through exploits or proof-of-concept code;
- to refrain from causing any privacy violations, destruction of data, and interruption or degradation of our service.
Also, while researching, we'd like to ask you to refrain from:
- Denial of service.
- Social engineering (including phishing) of our staff or contractors.
- Any physical attempts against our property.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct, and we will not initiate legal action against you. Suppose legal action is undertaken by a third party against you, in connection with activities conducted in compliance with this policy. In that case, we will take steps to make it known that your actions were conducted in compliance with this policy.