Security Disclosure Policy

The aim of this page is to explain what to do if you find a BUG or VULNERABILITY within this web application.

Whilst not a legal document, it does outline intentions that may relate to law.

In short: please play nice and we’ll also play nice. We use platforms used by 1000,000’s of people, so there will be plenty of recognition.

CONTACT

security@vinyldye.co.uk

It will be dealt with ASAP. If you would like a public key, just ask.

INDEMNIFICATION

Where the law permits, we will not disclose or prosecute if you do not cause any interruption to business and only discover limited ‘proof of concept’ amounts of data. Please bear in mind that, according to GDPR, if any personally identifiable information is discovered we are required to report this to the ICO. We don’t need to report you personally, but we would be asked ‘how do you know?’

BOUNTIES

We are a small company, so large financial rewards are unfortunately not possible. However, we can certainly do you a great deal on any of our products! Maybe you need to change the colour of the seats in your car? We’ll send you the needed items for free (up to a maximum value, including postage costs, of £200).

FURTHER PROOF

If you'd like to be able to make 'breaking' changes or other activities that could possibly interrupt business, then please request we clone the site and anonymise the data. This activity would only take 1-2 days and provide you with a sandbox to operate on.

DISCLOSURE

We would like to be able to co-ordinate disclosure. That is, we ask that you give us time, perhaps as much as 1-2 weeks, to resolve the problem/bug/vulnerability prior to going public.

We appreciate that the platforms we use are open source and used by 100,000’s of people and companies, so disclosing the problem will in fact impact many more companies and people than just us. As such, disclosure to the maintainers of those platforms is not only permitted, but encouraged. But please do inform us in addition, and do so without direct reference to our site/systems.

THANK YOU

I hope that, through its tone and wording, this policy comes across as a friendly and polite notice. We appreciate any feedback that we can use to adjust or amend it.

A family developer friend helped construct this with assistance from https://titanous.com/posts/security-disclosure-policy-best-practices .