Splash
Logo

Responsible Disclosure Policy

Last Updated: January 16, 2025

Responsible Disclosure Policy
Effective Date: 16 January, 2025

 

At Bak.com, the security and privacy of our users, brands, and creators are our top priorities. We are committed to safeguarding our platform and data. If you have discovered a security vulnerability or weakness in our system, we encourage you to responsibly disclose it to us so we can address it promptly.

We appreciate the efforts of ethical security researchers who contribute to the security of Bak.com by identifying vulnerabilities and reporting them responsibly.

 


Scope

This Responsible Disclosure Policy applies to:


 

Guidelines for Responsible Disclosure

To ensure the security of our platform and all stakeholders, please adhere to the following guidelines when reporting a vulnerability:

  1. Report Promptly: Share the details of the security vulnerability as soon as you identify it.

  2. Avoid Data Tampering: Do not modify or delete any data on Bak.com systems.

  3. Do Not Exploit: Avoid accessing unnecessary information or exploiting the vulnerability beyond its discovery.

  4. Maintain Confidentiality: Do not disclose any vulnerability publicly or to third parties without prior written permission from Bak.com.

  5. Provide Detailed Reports: Include enough details to help us reproduce and understand the vulnerability (e.g., steps to replicate, screenshots, or proof of concept).

  6. Test Responsibly: Do not conduct any attacks that could harm the system, including denial of service (DoS), social engineering, or physical attacks.

 


 

How to Report a Vulnerability

If you discover a potential vulnerability, please send us a detailed report at security@bak.com.

Your report should include:

 


 

What You Can Expect

When you submit a report in accordance with this policy, you can expect the following:

  1. Acknowledgment: We will acknowledge your report within 48 hours.

  2. Assessment: Our security team will investigate and validate the vulnerability, as it is their responsibility to enforce and oversee this policy, ensuring clear ownership and resolution.

  3. Resolution: If confirmed, we will work to resolve the issue as quickly as possible. We will keep you updated on the progress.

  4. Recognition: While we do not currently offer monetary rewards or bounties, we appreciate your contribution and may recognize your efforts (subject to your consent).

 


 

Safe Harbor

We promise to work with ethical researchers who act in good faith. As long as you comply with this policy:

 


 

Out of Scope

The following are not considered in scope for responsible disclosure:

 


Final Notes

We value your cooperation and commitment to helping us keep Bak.com a safe platform for everyone. If you have any questions about this policy, please contact us at support@bak.com.


 

Bak.com reserves the right to update this Responsible Disclosure Policy at any time.