Here at OpenBet Ltd, we place the highest priority on maintaining and improving the security of our systems and infrastructure. However, despite our best efforts, vulnerabilities can still exist. This policy sets out how you can help us to protect all of our clients and systems, by safely and securely reporting any vulnerabilities identified within our software, hardware, or source code.
How to report a vulnerability
If you identify a vulnerability, we would be grateful if you could report it as soon as possible to the OpenBet Security Team: firstname.lastname@example.org.
When reporting, please DO:
- Include as much information as you can, including the nature of the vulnerability, how you identified it and its impact.
- If you can, include the IP address, URL and/or source path of the location of the vulnerability.
- Delete all data obtained in the course of identifying the vulnerability immediately and securely upon making your report.
Please DO NOT:
- Report the vulnerability to any party other than the OpenBet Security Team at email@example.com, or via any social media or other channels.
- Exploit, copy, use or access the vulnerability except where strictly necessary to report its presence.
- Take any action that might compromise any applicable laws or agreements, including those related to privacy, personal data and/or confidentiality, or impact upon the operating of the system.
- Use the Security Team email address for any purpose other than reporting vulnerabilities that are of have the potential to impact upon our systems or infrastructure.
If in doubt, please direct any questions to firstname.lastname@example.org.
How we will deal with your report
The OpenBet Security Team will respond to you as soon as possible with an assessment of the issue and an anticipated date of resolving it (if applicable). We will keep you updated with our progress in working towards resolution of the vulnerability.
Your report will be treated in the strictest confidence and no personal details will be shared with any third party without your consent.
Please note: OpenBet does not offer any form of financial compensation for reporting vulnerabilities.