Last updated: 6th November 2020.
Welcome to Drag’s Vulnerability Disclosure Program
We have built this program to help improve the security of DragApp’s application.
- If you believe you have found a security vulnerability that could impact Drag or our users, we encourage you to let us know immediately.
- We will investigate all reports with the view to immediate fix any problems.
- Provide us a reasonable amount of time for us to identify and resolve the issues.
- If you believe you have discovered a vulnerability in Drag or have a security incident to report, please email Breno Vieira, Chief Technology Officer on [email protected]
Exclusion from Vulnerability Disclosure Program
The following are out of scope for the vulnerability disclosure program. Any of the activities below will result in disqualification from the program permanently.
- Physical attacks against Drag employees, offices, and data centers.
- Knowingly posting, transmitting, uploading, linking to, or sending any malware.
- Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
- Any vulnerability obtained through the compromise of a Drag customer or employee accounts. If you need to test a vulnerability, please create a free account.
- Being an individual on, or residing in any country on, any U.S. sanctions lists.
- Denial of service.
- Brute Force attacks.
- Issues found through automated testing.
- Content Spoofing.
- Version number information disclosure.