Blowfish Responsible Disclosure Policy

Purpose

The purpose of this policy is to encourage responsible and ethical reporting of security vulnerabilities in our software and systems. We take the security of our products and services seriously and believe that working with the security community is a vital part of maintaining the security of our customers.
Scope This policy applies to all of our products and services, including software, websites, and online services.
Guidelines for Reporting Vulnerabilities
- Researchers are encouraged to contact us immediately upon discovery of a potential vulnerability.
- When reporting a vulnerability, please provide us with a detailed description of the issue, including steps to reproduce the vulnerability if possible.
- Do not publicly disclose the vulnerability until it has been fixed and we have had a chance to notify affected customers.
- Do not use the vulnerability for any malicious or unauthorized activity, including but not limited to data theft, unauthorized access, or denial of service.
Purpose The purpose of this policy is to encourage responsible and ethical reporting of security vulnerabilities in our software and systems. We take the security of our products and services seriously and believe that working with the security community is a vital part of maintaining the security of our customers.
Scope This policy applies to all of our products and services, including software, websites, and online services.
Our Responsibilities
- We will acknowledge receipt of your report within 48 hours.
- We will provide an estimated timeline for when the vulnerability will be fixed.
- We will keep you informed of our progress in fixing the vulnerability.
Legal
- You agree to comply with all applicable laws and regulations in connection with your participation in this program.
- We will not take legal action against you for any activities that are consistent with this policy.
Changes to the Policy

We may change this policy at any time without notice.
Contact

To report a vulnerability, please contact us at [email protected] with the email subject “Responsible Security Disclosure”.