At Quooker, the security of our systems is very important to us. Despite our best effort to secure our systems, it is possible that there is still a vulnerability.
If you have found a vulnerability in one of our systems, please let us know so that we can take measures as quickly as possible. We would like to work with you to protect our customers and our systems in the best possible way.
Our systems include, but are not limited to the embedded device, web applications, web pages, Android and iOS apps and IT systems, worldwide.
We ask you:
- Email your findings to email@example.com. Encrypt your findings with our PGP key, which can be found at the bottom of this page as a download.
- Mention a name or alias and preferred method of communication (and associated details).
- Not to abuse the problem by downloading more data than is necessary to demonstrate the leak or by viewing, deleting, or modifying data related to our systems.
- Do not share the issue with others until it is resolved and erase all confidential information after the vulnerability is closed.
- Not to use attacks on physical security, social engineering, distributed denial of service, spam or third-party applications.
- In case of an embedded product, please provide information such as product name and serial number, the firmware or software version, and any relevant additional information.
- For web-based services, please provide the date and time of testing, URLs, the browser type and version, as well as the input provided to the application.
- Please provide any details on the tools used to conduct the testing and any relevant test configurations.
- Please provide a copy if you wrote specific proof-of-concept or exploit code.
- Please do not publish the vulnerability without our written approval.
What we promise:
- We will respond to your report within 3 working days with our assessment of the report and an expected resolution date.
- We will not take legal action against you regarding the report if you have complied with the above conditions.
- We will treat your report confidentially and will not share your personal information with third parties without your permission. Unless this is necessary to comply with a legal obligation.
- Reporting under a pseudonym is possible.
- We will keep you informed of the progress of solving the problem.
- We offer a reward for every HIGH or CRITICAL vulnerability that has been resolved and was not yet reported or published.
- We aim to resolve all issues as quickly as possible and would be happy to be involved in any publication of the issue after it has been resolved.
PGP Public Key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG C# v184.108.40.206
-----END PGP PUBLIC KEY BLOCK-----