ota-sync-logo

Responsible Disclosure Policy

OTA Sync values the security of our users as well as the security of our systems. This Responsible Security Reporting Program allows you to alert OTA Sync of possible security vulnerabilities. We encourage the reporting of security vulnerabilities found in OTA Sync products. This article explains how to submit your report as well as our guidelines.

Rules and regulations

  • Do not attempt to read, write, or access any private data to which you have access
  • Do not disclose any vulnerabilities publicly.
  • Do not run any testing that would interrupt services or degrade users' abilities to utilize them.
  • Do not use noisy automated scanners.
  • All testing must adhere to the scopes and domains outlined below.

Report Submissions

We ask that you commit to ensuring our users' safety, so please give us time to analyze submissions through this program and fix any security vulnerabilities you may discover. Reports must be submitted to office@otasync.me with the following information
  1. Description of the issue
  2. Browser Version(if applicable)
  3. Scenario(if applicable)
  4. Steps to reproduce
  5. Any additional information/reference
  6. Proof of concept: scripts, screenshots, and compressed screen captures
  7. Impact of the vulnerability
We'll keep you informed about our progress throughout the process.