Responsible Disclosure

Found a security vulnerability? Let us know!

We work with security experts and researchers to verify and address any potential vulnerabilities reported to us. If you believe you’ve found a vulnerability in a TargetBay environment, let us know below.

Reporting Guidelines

  • Please use app.targetbay.com to perform all security testing.
  • Reach out to security@targetbay.com, if you have found any potential vulnerability in our products meeting all the below mentioned criteria. You can expect a confirmation from our security team in about 24 hours of submission.
  • Please refrain from doing security testing in existing customer accounts.
  • When conducting security testing, make sure not to violate our privacy policies, modify/delete unauthenticated user data, disrupt production servers, or to degrade user experience.
  • You’re allowed to disclose the discovered vulnerabilities only to security@targetbay.com. Documenting any potential In/Out of scope vulnerability to the public is against our responsible disclosure policy.

Qualifying Security Bugs

All bugs that are reported are qualified based on its impact on client’s production data.

We will consider other security vulnerabilities if it is making an impact and exploitable with a working non-intrusive POC.

Bugs Severity

TargetBay will define the severity of the issue based on the impact and the ease of exploit.

Response Time

RESPONSE TYPETIME
AcknowledgementWithin 24 hours
Time taken to resolveBased on the Severity

Hall of Fame

We would like to thank the people listed here who have identified and responsibly disclosed security vulnerabilities with TargetBay.

Back To Top