If you think you have discovered a security issue with Selz.com, please contact email@example.com. You can encrypt any messages you send to this email address with OpenPGP using the public key at the end of this post.
Responsible Disclosure Policy
If you comply with the policies below when reporting a security issue to Selz we will not initiate a lawsuit or law enforcement investigation against you in response to your report.
We ask that:
- You give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others.
- You do not interact with an individual account (which includes modifying or accessing data from the account) if the account owner has not consented to such actions.
- You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.
- You do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues.)
- You do not violate any other applicable laws or regulations.
We reward security researchers who help us keep people safe by reporting vulnerabilities in our services. Monetary bounties for such reports are entirely at our discretion and are based on factors such as importance and impact.
To potentially qualify for a bounty, you first need to meet the following requirements:
- Adhere to our Responsible Disclosure Policy (see above).
- Report a security bug: that is, identify a vulnerability in our services or infrastructure which creates a security or privacy risk.
- Submit your report by sending it to firstname.lastname@example.org. Please do not contact employees directly or through other channels about a report.
- If you inadvertently cause a privacy violation or disruption (such as accessing account data, service configurations, or other confidential information) while investigating an issue, be sure to disclose this in your report.
- Use test accounts when investigating issues.
- If we pay a bounty, it will be between $10 and $300, depending on the importance of the report.
- We seek to pay similar amounts for similar issues, but bounty amounts and qualifying issues may change with time. Past rewards do not necessarily guarantee similar results in the future.
- In the event of duplicate reports, we award a bounty to the first person to submit an issue.
- We reserve the right to publish reports and accompanying updates.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 mQENBFeoBkUBCAC+OEh54RKKUsiZT64m4sL88jJChjPplaJUHBkYWuomCS7veCSS dRUiMSKUwiG1XGzLMaBH425RWHfIfICQ2Q//+mXFL2ywKZuIFaeqRtuJbht0IJ7O SrQfPjfQmgnZPDjZTzl1z95OpiLbjtK7lMmbV2e9ykbKESJVBr7q3+PHET1XfvYM aEo/NikHJe/koGjH64mygjiUDD85mtQfE+rbEBPrH5Hscq1e3SSoN0jyPbeev5Q/ l8//VvGbuBW0ATkye4BUKmYkrM3gjAZw4SdYYeATbX231dHinSGbAqQHTsIDOnt/ 7wBAoyPh0jsuZFfn86w2LLQgUyFMOHnFeFmJABEBAAG0IU1hdGhpZXUgS2VtcGUg PHNlY3VyaXR5QHNlbHouY29tPokBOQQTAQgAIwUCV6gGRQIbAwcLCQgHAwIBBhUI AgkKCwQWAgMBAh4BAheAAAoJEBAUXPeTibnL2bUH/jrW0tR/FfJ03HqorBv1g5ag 5YKT3DDMmwkGwSseyfhTvPS4qpODMwiYJqLPr7Jl75dh7E+w8eA0wn9iK+AhkRXm ZaqE0y8RAGNWO/1oRxy1pDiqaWq9v73Ff1QosGy8h3cU6zTrcRSu9jT7ts0TQPiw 9EWHML68fX9/tN1EJeDYW2hfBzfwbvDAiMpH+XOH1QvsHMNRBhLoJ8RyVep47MZ9 hIXZqRs91vLGxN6PclIUEyCW7epnH8F3VsHArcxgRS5mDpDsJVjk5amLhZ3qpFaD 4LZwKfBu9G7SJXSBBalzNF/3IMMDTtfvEqru8ZwkWYI+6DuNMSyJotvvitEah4a5 AQ0EV6gGRQEIAN1WyLCDKwiuX4KVOCr311gCV4diB7wKlDlENPl/KHw3RvnrOOw+ t9JM2M1+9xoS0KQuZh4Cut/ALj+pWeacorj7jMZ27lBEYmydbwjrtqzJeGYftJUF Q4hLAGwvWrLKZ/frSd4UYhqky6gt1eMda+dJ7ifO2BY+bZ4nTuM/UIbyTFcn2NMl 9uqAiAYOd4yuRbAEceKW3LOjKdlTdyDdpN/S6wKhGy+6leTBOKVdAcnpyNzpofrR z+3iblA34aaQY9VgPaoclFJv3ZS2WXQ+lBfduY3lxt1ODlo7EUn6M1twv7Lz5YvG HNY3Kfy1dat82v21rmNe3nu5nOwvKXJZJl0AEQEAAYkBHwQYAQgACQUCV6gGRQIb DAAKCRAQFFz3k4m5y5iACACi7+if+2wd8yDD5JNHNfp5gNjB4wlXec89+bTW/yQR FrkHU8gbor4NbJWGN21NbhPa9y8MSICjmECsHxmNjGA+JLGXAZ6h39NCHIadVxkI c//AUOXygoKJbXlgS4LBopn8Zcz1xa9jo7r+8pXlfKPGBs1LXKa+8j7jANLeiim7 pW4MNvo3Kqp2LfoYv82q2VCiTc5Mj8xh3Gfh1Y2QrI8UFPvgVdJalEIHdAVmDxOA /LK4RMldGdlSXABdszytxRyROFB7uMt3NpEAzYyuQBx+5MUAXuLbXDgqs5q1K2Vx xRBVGPmEiydR7SuPew7F4BtaKD4OIcZ6gyQhaW+fWxF6 =/vJp -----END PGP PUBLIC KEY BLOCK-----