Responsible Disclosure
We encourage everyone to practice responsible disclosure and comply with our policies and terms of service.
Please do not use automated testing, and perform security testing only with your own data. Please do not disclose any information regarding the vulnerabilities until we fix them.
You can report vulnerabilities by contacting Security@jamis.com. Please include a proof of concept. We will respond as quickly as possible to your submission and will not take legal action if you follow the rules.
Coverage
- *.jamisprime.us
Accepted vulnerabilities include the following:
- Account/email enumerations
- Attacks that could harm the reliability/integrity of our business
- Authentication issues
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Command/File/URL inclusion
- Code execution
- Code or database injections
- Logout CSRF
- Open redirect
This program does NOT include:
- Clickjacking on pages without authentication and/or sensitive state changes
- Content spoofing / text injection
- Denial of Service (DoS)
- Exploits that require physical access to a user’s machine
- Insecure cookies for non-sensitive cookies or 3rd party cookies
- Mixed content warnings
- Phishing
- Social engineering
- Spam attacks
- Timing attacks