The security of our customer data is of great importance to us. We support the responsible disclosure process for vulnerabilities and value reports from ethical security researchers. We are committed to investigating all reports and resolving issues as quickly as possible to protect our customers. This document outlines how world4you collaborates with the security community.
Scope
The following vulnerabilities in world4you products and services are covered by this document. We encourage any member of the security community to report the following to us:
- Vulnerabilities that impact the confidentiality, integrity, and availability of our products and services, thereby compromising our customers' data.
The following vulnerabilities in world4you products and services are not within the scope of this document. Please do not report these:
- Denial-of-Service attacks (i.e., disrupting our services with high request volumes)
- TLS configuration specifications (e.g., lack of support for TLSv1.3, specific cipher suite configurations, etc.)
- Reports indicating that our services do not fully align with "Best Practices" (e.g., missing security headers or suboptimal email-related configurations such as SPF, DMARC, etc.)
Bug Bounty Program
Currently, world4you does not have an official bug bounty program.
Reporting a Vulnerability
Please send all relevant vulnerabilities (as mentioned above) to our contact address (security@world4you.com). Please read this document in its entirety before reporting vulnerabilities.
If you have discovered vulnerabilities in any of our applications or server configurations, you can provide us with the information directly. Please describe the vulnerability you have found and provide as much information as possible in your report. For example:
- Who does the vulnerability affect? If possible, please provide URLs.
- How can the vulnerability be exploited? Include screenshots if necessary to illustrate the vulnerability.
- Also, provide all relevant information necessary to reproduce the described process.
- Please do not send us confidential information such as your password or other personal data!
What You Can Expect from Us
Upon receiving your report, our security team will:
- Confirm the receipt of your report and assign a unique identifier included in the email subject line. Please use this identifier in all your emails to us. We usually respond within one business day.
- Review your report for accuracy and validity, and check if the report is a duplicate of a previous case. If we have further questions, we will reach out to you.
- Forward your report, once it has been successfully verified, to the relevant department for resolution. Please note that this may take some time. Feel free to inquire about the current status, limiting your inquiries to no more than once every 14 days.
We will contact you once the vulnerability is fixed and may ask you to retest.
If we need to share your findings with another organization, we will contact you in advance. Furthermore, we will not pursue legal action against individuals who, in good faith and in accordance with this document, report security vulnerabilities in a world4you service within the scope.
Feedback
If you have feedback or suggestions regarding this document, please contact our security team at the address provided above.