At 1millionresume, we prioritize the security and privacy of our users. We appreciate the efforts of the security community in helping us maintain the security of our website. This Vulnerability Disclosure Policy outlines the guidelines for reporting vulnerabilities and sets clear expectations for interactions.
Scope
This policy applies to all security researchers, ethical hackers, and individuals who wish to report vulnerabilities found in any of 1millionresume"s online services and websites.
Reporting Guidelines
1. Scope of Testing
- Only test against your own accounts or with explicit permission from the account holder.
- Do not engage in any activity that can disrupt our services, including Denial of Service (DoS) attacks, automated vulnerability scanners, or excessive traffic.
2. No Monetary Compensation:
- We do not offer monetary rewards or bounties for vulnerability disclosures at the moment.
- All vulnerability reports are considered as contributions made in good faith to help improve our security.
2. Responsible Disclosure:
- Report vulnerabilities to us directly and allow us a reasonable amount of time to address them before disclosing them publicly.
- Include detailed information about the vulnerability, including steps to reproduce it, potential impact, and any recommendations for fixing it.
How to Report a Vulnerability
If you believe you have discovered a security vulnerability, please send an email to contact@1millionresume.com with the following information:
- Description of the vulnerability and its potential impact.
- Steps to reproduce the issue.
- Your contact information (optional).
Expectations from Researchers
By participating in our vulnerability disclosure program, you agree to:
- Act in good faith to avoid privacy violations, data destruction, and interruption or degradation of our services.
- Adhere to all applicable laws and regulations.
- Refrain from using automated tools that could create unnecessary load on our systems.
Acknowledgement
We appreciate the contributions made by security researchers and will acknowledge valid vulnerability reports in a timely manner. While we do not offer monetary rewards, we are happy to give credit/recommendation to researchers who responsibly disclose vulnerabilities, if they desire.
Changes to This Policy
We may update this policy from time to time. The latest version will always be available on our website. By continuing to engage with our services after these changes are made, you agree to be bound by the revised policy.