Introduction
At Facturaz we take the security of our systems seriously. Despite our best efforts, vulnerabilities may exist. If you discover a security issue, please report it so we can fix it.
What we ask from you
- Please report any findings via our OpenBugBounty page.
- Provide enough information to reproduce the issue, for example the affected URL, step-by-step instructions, proof of concept and screenshots when relevant.
- Do not exploit the vulnerability beyond what is necessary to demonstrate it.
- Do not publicly disclose the issue before we have had a chance to resolve it.
- Do not use social engineering, DDoS techniques or physical attacks.
What we promise
- We will confirm receipt within 5 business days.
- We will keep you informed of progress and work to remediate the issue as quickly as possible.
- If you follow our policy, we will not pursue legal action against you.
- With your permission we may publicly credit you as a thank you.
We appreciate responsible disclosures and can publicly credit you if you wish.
