CareerZooms

---

Program Policy for External Researchers

Introduction

Welcome to CareerZooms.com’s External Research Program on HackerOne! We value your contributions and dedication to improving our platform’s security. This policy outlines the rules and guidelines for participating in our program.

Scope

The CareerZooms.com External Research Program invites security researchers to identify and report vulnerabilities in our systems. This program covers all assets and services owned, operated, or managed by CareerZooms.com.

Rules of Engagement

1. Authorized Testing: You are authorized to test only assets and services listed in the scope section. Do not attempt to access, modify, or exploit data beyond this scope.
2. Responsible Disclosure: Report any vulnerabilities promptly and responsibly following HackerOne’s disclosure guidelines.
3. Ethical Conduct: Conduct your research ethically, without causing disruption or harm to our users or systems.
4. No Data Manipulation: Do not perform any actions that could result in data loss, data corruption, or service disruption.
5. Legal Compliance: Adhere to all applicable laws and regulations during your testing activities.
6. Respect Privacy: Respect user privacy and confidentiality. Avoid accessing or disclosing sensitive information.
7. No Social Engineering: Do not engage in phishing, social engineering, or any form of deceptive practices.

Reporting Vulnerabilities

1. Submission Format: Submit vulnerabilities in a clear and detailed manner, including proof of concept (POC) if applicable.
2. Severity Classification: Follow the severity classification guidelines provided in our program documentation.
3. No Public Disclosure: Do not publicly disclose vulnerabilities until they have been resolved and disclosed by CareerZooms.com.

Acknowledgment and Rewards

1. Acknowledgment: We acknowledge the contributions of researchers who report valid vulnerabilities promptly and responsibly.
2. Rewards: Eligible vulnerabilities may receive monetary rewards based on their severity and impact.

Enforcement

Violation of this policy may result in disqualification from the program and legal action if deemed necessary. We reserve the right to update and modify this policy as needed.

Contact Us

If you have any questions or need clarification regarding this policy, please contact us at [email protected]

By participating in our External Research Program, you agree to abide by this policy and HackerOne’s terms of service.