If you encounter or identify any security issues with Black Forest Fancies or any of our websites, mobile applications, or services, you may contact our Engineering Team directly by email at [email protected]. Someone will be in touch, usually within 7 days.
Black Forest Fancies BUG BOUNTY PROGRAM
We welcome security researchers who practice responsible disclosure and comply with our policies. Programs by Google, Facebook, Mozilla, and others have helped to create a strong bug-hunting community. The Black Forest Fancies bug bounty program gives a tip of the hat to these researchers and rewards them for their efforts. In order to be eligible for a reward under our bug bounty program, you must comply with the terms outlined below.
- Do not access (or attempt to access) any user’s account or non-public data.
- Do not affect or harm other users (or their access to or use of our services).
- Do not perform any attack that could harm the reliability or integrity of our services or data. For example, DDoS/spam attacks are strictly prohibited.
- Do not publicly disclose a vulnerability before we have resolved it.
- Do not perform (or attempt) non-technical attacks, including spam, social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
WHAT KINDS OF REPORTS DO NOT QUALIFY?
The following is a non-exhaustive list of reports that do not qualify for a reward under our bug bounty program:
- Disclosure of public information or information that in our opinion does not present a significant risk.
- Disclosure of client identifiers and keys intended as a convenience for open-source contributors.
- Disclosure of credentials by other parties unaffiliated with Black Forest Fancies.
- Bugs, such as XSS, that only affect legacy browser/plugin versions, bugs that require exceedingly unlikely user activity or interaction, or timing attacks that prove, for example, the existence of a user.
- Cookies shared between different *.blackforestfancies.com domains.
- Bugs that have already been reported to us (i.e. first-come, first-served), or bugs that we are otherwise already aware of.
- Issues with functionality that is in development, experimental, or released in a “beta” stage.
- Scripting or other automation and brute forcing of intended functionality (all of which is strictly prohibited).
- Issues related to software or protocols not under our control.