Hubdia Vulnerability Disclosure Program Rules

These Program Rules provide our guidelines for reporting vulnerabilities to Hubdia. This program is meant for vulnerabilities and security-related bugs. If you have a general bug report or site feedback, please submit it on our Feedback page.

If you believe you have identified a security vulnerability that could impact Hubdia or its users, we ask you notify us right away. We will investigate all legitimate reports and do our best to quickly fix the problem. We request you follow our Vulnerability Disclosure Program Rules and HackerOne's Vulnerability Disclosure Guidelines and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research.

Scope

Websites and services operated by Mash the Keyboard for Hubdia, including:

• *.hubdia.com
• *.hubdia.net

Scope is limited strictly to software and hardware vulnerabilities—not people. Mash the Keyboard and Hubdia users, volunteers, customers, and employees are entirely out of scope of this program.

Third-party software and services that we use, such as nginx or CloudFlare, should be reported to the appropriate parties and are not eligible for a reward from us. I'd appreciate a head's up and will credit you in our Hall of Fame!

Eligibility & Disclosure

In order for your submission to be eligible:

• You must agree to all of our Vulnerability Disclosure Program Rules (this entire page).
• You must follow HackerOne's Vulnerability Disclosure Guidelines.
• You must be the first person to responsibly disclose an unknown issue to us.
• You must immediately report any vulnerability that allows access to personally identifiable information (PII), not copy or disseminate any PII obtained, and destroy any and all PII in your possession.

All legitimate reports will be reviewed and assessed by Mash the Keyboard's team to determine eligibility.

As mentioned in our Privacy and Security Policy, Hubdia's website and services are not intended for, or designed to attract, individuals under the age of 18. Due to the Children's Online Privacy Protection Act (COPPA), we cannot accept submissions from children under the age of 13. Reporters under the age of 18 will not be eligible to receive CloudFlare service rewards. We'll find another way to recognize your effort.

Rewards

For each eligible vulnerability report, the reporter will receive:

Recognition in our Hall of Fame.

We don't currently offer a cash reward.

Exclusions

The following conditions are out of scope for our vulnerability disclosure program:

• Physical attacks against Hubdia users, volunteers, customers, employees, offices, and data centers.
• Social engineering of Hubdia users, volunteers, customers, employees, or service providers.
• Knowingly posting, transmitting, uploading, linking to, or sending any malware.
• Pursuing vulnerabilities which send unsolicited bulk or unauthorized messages (spam), and/or denial of service (DoS) attacks.
• Any vulnerability obtained through the compromise of a Hubdia user, volunteer, customer, or employee account. If your vulnerability allows you to compromise one of these accounts, please report it to us immediately and do not press further without written permission.

Questions?

Send us an e-mail at [email protected].

Thanks!

GIGANTIC THANK YOU to HackerOne for providing this awesome service, and to CloudFlare and 4chan for providing a killer template to work from. And thanks to you for reading and considering our program!