vzaar takes security very seriously. If you believe you have found a vulnerability, please read our policy below to report it to us in a responsible manner.
- Please email us details of the vulnerability to security at vzaar dot com, including instructions on how to replicate the issue. We will deal with these emails with the highest priority, and will get back to you within 24 hours on a business day.
- We will keep you informed of our timeframe to patch any genuine vulnerabilities, so please avoid disclosing details of the issue publicly until we have put a fix in place.
- Please perform any tests in a responsible manner, without executing any code that could harm our service or our users' privacy. We deeply appreciate reports from whitehat researchers, so please work with us and stick to these guidelines so we can keep things amicable.
- http://help.vzaar.com is run by a third party, and vulnerabilities here are not under our control, so we're obviously unable to provide recognition for vulnerabilities discovered there.
- Acknowledgement in our contributors list is reserved for the first person to report a legitimate vulnerability, and their name will be added once it is fixed.
- At this time, we cannot offer any financial compensation. However, if you're ever near our office in London we'll happily take you out for a beer/coffee.