notification iconBe Part of Something Great! We’re Hiring

Vulnerability Responsible Reporting (VRR) Policy


The Vulnerability Responsible Reporting (VRR) policy is a process by which security researchers or ethical hackers discover vulnerabilities in BeeORDER software, hardware, or systems and report them to us. Our primary goal is to enhance the security of our systems by addressing these vulnerabilities before they are exploited by malicious actors.

The process consists of the following steps:

  1. Discovery: Security researchers or ethical hackers identify a vulnerability.
  2. Reporting: Researchers should submit a detailed report about the vulnerability. This report should include:
    • A comprehensive description of the vulnerability, including technical details.
    • Steps to reproduce the vulnerability (proof of concept).
    • The specific system, domain, or application affected by the vulnerability.
    • A suggestion for a potential solution (optional).

Reports can be submitted by sending an email to the following address:

security@Beeorder.com

  1. Verification: We acknowledge the report, review the vulnerability, and verify its existence.
  2. Remediation: We work on developing a patch or fix to address the vulnerability.
  3. Recognition: After reporting and verification steps, we acknowledge the researcher's contribution based on an assessment that considers:
    • Vulnerability Impact: The potential severity of the vulnerability and the damage it could cause.
    • Vulnerability Size: The scope of the vulnerability and the number of systems or users it affects.
    • Cooperation: The researcher's communication style, willingness to work with us, and adherence to responsible disclosure practices.
    • Solution Provided: Whether the researcher included a potential solution or workaround in their report.

Following evaluation, recognition will be granted, potentially taking various forms: 

  • Social Media Acknowledgement: Publicly recognizing the researcher's contribution on our social media platforms.
  • Reward
  • Certificate of Appreciation: Awarding a certificate to acknowledge the researcher's role in improving our security.
  • Working with the Researcher as a Consultant: It is possible to engage the researcher to work with our company as a consultant on security vulnerabilities and technical issues.

Recognition is not guaranteed for all reported vulnerabilities. We reserve the right to not publicly acknowledge or reward vulnerabilities.

 

The objective of the policy:

The Vulnerability Responsible Reporting Policy helps protect our users and systems from potential attacks. It fosters collaboration between security researchers and us, creating a more secure digital environment for everyone. By implementing this recognition system, we aim to incentivize responsible reporting and express gratitude to security researchers who help us maintain a vulnerability-free system.

For any information or inquiries, please contact us at this email address:

security@Beeorder.com