At VideoAsk, ensuring the safety and security of your data is our highest priority. We believe in responsible disclosure and work closely with our community to investigate and address any legitimate security concerns.
This article outlines the steps you can take to report a security vulnerability to VideoAsk and contribute to maintaining the safety and security of our services.
Responsible Disclosure Guidelines
We run an invitation-only Bug Bounty program. If you think you’ve found a bug in VideoAsk’s security, or have a security incident to report, please email us at firstname.lastname@example.org (VideoAsk is a Typeform product) and mention the email address where you would like to receive the invitation.
Once you’ve received the invitation, you can specify all the details in the Bug Bounty platform.
Our Security team investigates all reported security issues as quickly as possible.
Please don’t publicly disclose the issue until it has been addressed by us. We'll try our best to meet our program's defined action times when triaging the report.
When reporting a vulnerability, please provide as much detail as you can, to help us with the validation and reproduction of it. Vulnerabilities must be disclosed to us privately and should be made in good faith. We will not prosecute people for reporting vulnerabilities, as long as no malicious attempt to compromise other user accounts has been made.
We understand the hard work that goes into security research. We’ll show our appreciation in the best way we can, based on the effort needed, criticality of the issue, and the responsible disclosure of the potential vulnerability.