Responsible Disclosure DiveBusters

Effective Date: September 16, 2024

At DiveBusters, we take the security of our systems and data very seriously. We recognize the valuable role that security researchers and our user community play in identifying vulnerabilities to help keep our information and services safe. If you have discovered a security vulnerability, we encourage you to disclose it to us responsibly.

1. Reporting a Vulnerability
If you believe you have found a security vulnerability in our website or services, please report it to us by emailing [email protected]. Your report should include:
- A description of the vulnerability
- Detailed steps to reproduce the issue
- Any potential impact of the vulnerability

2. Out of Scope
- Test environments are out of scope for vulnerability disclosures.
- Vulnerabilities related to HTTP headers are considered low priority by default.
- Stapling vulnerabilities (combining multiple lower-severity issues into one report) do not apply.

3. Our Commitment
- We will acknowledge receipt of your report within 5 business days.
- We will work to validate and address the vulnerability promptly.
- We will keep you informed of our progress and may reach out for additional information if necessary.

4. Guidelines
To ensure responsible disclosure and protect our users' data and privacy, we ask that you:
- Provide us a reasonable amount of time to address the issue before disclosing it publicly.
- Avoid accessing, modifying, or deleting any user data or other sensitive information during your testing.
- Refrain from any activities that could disrupt our services or impact our users.

5. No Compensation
While we do not offer monetary rewards for vulnerability reports, we sincerely appreciate your efforts to help us maintain the security and integrity of our services. However, in cases where you identify a high or critical vulnerability with severe effects on the DiveBusters platform, we can reward you with a lousy t-shirt stating that you hacked DiveBusters and only got the lousy t-shirt, or with other swag.

6. Legal
DiveBusters does not authorize any security research that could violate applicable laws. By reporting a vulnerability, you agree to comply with all relevant laws and not to engage in any activity that could harm DiveBusters or its users.

Thank you for helping us keep DiveBusters secure.

DiveBusters Team