Responsible Disclosure Policy
Effective Date: 16 January, 2025

At Bak.com, the security and privacy of our users, brands, and creators are our top priorities. We are committed to safeguarding our platform and data. If you have discovered a security vulnerability or weakness in our system, we encourage you to responsibly disclose it to us so we can address it promptly.

We appreciate the efforts of ethical security researchers who contribute to the security of Bak.com by identifying vulnerabilities and reporting them responsibly.


Scope

This Responsible Disclosure Policy applies to:

  • Bak.com website (including all subdomains)

  • Any other system owned or operated by Bak.com that is clearly within our control.


Guidelines for Responsible Disclosure

To ensure the security of our platform and all stakeholders, please adhere to the following guidelines when reporting a vulnerability:

  1. Report Promptly: Share the details of the security vulnerability as soon as you identify it.

  2. Avoid Data Tampering: Do not modify or delete any data on Bak.com systems.

  3. Do Not Exploit: Avoid accessing unnecessary information or exploiting the vulnerability beyond its discovery.

  4. Maintain Confidentiality: Do not disclose any vulnerability publicly or to third parties without prior written permission from Bak.com.

  5. Provide Detailed Reports: Include enough details to help us reproduce and understand the vulnerability (e.g., steps to replicate, screenshots, or proof of concept).

  6. Test Responsibly: Do not conduct any attacks that could harm the system, including denial of service (DoS), social engineering, or physical attacks.


How to Report a Vulnerability

If you discover a potential vulnerability, please send us a detailed report at security@bak.com.

Your report should include:

  • A clear description of the issue

  • Steps to reproduce the vulnerability

  • Supporting evidence (e.g., screenshots, logs, or proof of concept)

  • Your contact information (name and email address)


What You Can Expect

When you submit a report in accordance with this policy, you can expect the following:

  1. Acknowledgment: We will acknowledge your report within 48 hours.

  2. Assessment: Our security team, which is responsible for enforcing and overseeing this policy, will investigate and validate the vulnerability, ensuring clear ownership and resolution.

  3. Resolution: If confirmed, we will work to resolve the issue as quickly as possible. We will keep you updated on the progress.

  4. Recognition: While we do not currently offer monetary rewards or bounties, we appreciate your contribution and may recognize your efforts (subject to your consent).


Safe Harbor

We promise to work with ethical researchers who act in good faith. As long as you comply with this policy:

  • We will not pursue legal action against you.

  • We will not suspend or terminate your access to our services.

  • We will work with you to understand and resolve the issue quickly. It is the Security Team's responsibility to enforce this policy and ensure all reported issues are handled appropriately.


Out of Scope

The following are not considered in scope for responsible disclosure:

  • Denial of Service (DoS) vulnerabilities

  • Clickjacking issues

  • Use of outdated libraries without a specific exploit

  • Content spoofing or text-based issues (e.g., typos)

  • Missing best practices (e.g., lack of security headers)


Final Notes

We value your cooperation and commitment to helping us keep Bak.com a safe platform for everyone. If you have any questions about this policy, please contact us at support@bak.com.


Bak.com reserves the right to update this Responsible Disclosure Policy at any time.
