Vulnerability disclosure program.

Last updated: 28th May 2019

Welcome to Drag’s Vulnerability Disclosure Program

We have built this program to help improve the security of DragApp’s application.

  • If you believe you have found a security vulnerability that could impact Drag or our users, we encourage you to let us know immediately.
  • We will investigate all reports with the view to immediate fix any problems
  • Provide us a reasonable amount of time for us to identify and resolve the issues.
  • If you believe you have discovered a vulnerability in Drag or have a security incident to report, please email Breno Vieira, Chief Technology Officer on security@dragapp.com.

 

Exclusion from Vulnerability Disclosure Program

The following are out of scope for the vulnerability disclosure program. Any of the activities below will result in disqualification from the program permanently.

  1. Physical attacks against Drag employees, offices, and data centers.
  2. Knowingly posting, transmitting, uploading, linking to, or sending any malware.
  3. Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
  4. Any vulnerability obtained through the compromise of a Drag customer or employee accounts. If you need to test a vulnerability, please create a free account.
  5. Being an individual on, or residing in any country on, any U.S. sanctions lists.
  6. Denial of service.
  7. Brute Force attacks.
  8. Issues found through automated testing.
  9. Content Spoofing.
  10. Version number information disclosure.

Please read our Terms and Conditions and Privacy policy before proceeding in our Vulnerability Disclosure Program.