This policy aims to create a framework where security researchers can responsibly report vulnerabilities to
help improve Oxymoney’s security, while also ensuring that legal and ethical boundaries are duly respected.
If you make a genuine effort to follow this policy while conducting your security research, we will consider your actions authorized. We’ll collaborate with you to identify and address the issue as swiftly as possible.
Guidelines:
1. Notify us as soon as possible after you discover a real or potential security issue.
2. Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
3. Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use an exploit to compromise or exfiltrate data, establish persistent command line access, or use the exploit to pivot to other systems.
4. The findings shall be kept confidential and shall only be discussed with Oxymoney only. Researchers are encouraged to report security vulnerabilities via contact section of the portal. Oxymoney appreciates efforts to identify vulnerabilities. By submitting a report, you agree to:
Transfer ownership of the report to Oxymoney.
Ensure your actions up until the report are legal and respectful of third-party rights.
Confirm the report is your original work.
Not harm Oxymoney’s reputation.
Keep the report and vulnerability confidential.
Make the report out of goodwill, without expecting rewards.
Researchers may choose to provide contact information voluntarily, but there’s no guarantee Oxymoney will respond. The company may reach out at its discretion.