At Rebump, we take privacy and security very seriously.
We are committed to do everything we can to ensure the security of your data.
Reporting security issues
If you have discovered a security issue that you believe we should know about or have a security incident to report, please let us know about it and we will make every effort to quickly correct the issue.
As part of your research, do not intentionally view or access any data beyond what is needed to prove the vulnerability.
Privately share the details of the vulnerability or incident with Rebump security team by sending an email to aaron[at]rebump.cc.
Rebump's vulnerability disclosure policy
We ask you to abide by the following Rebump disclosure guidelines:
- Unless Rebump gives you permission, do not disclose any issues to the public or to any third parties.
- Please do not discuss vulnerabilities (even resolved ones) outside of the program without express consent from Rebump.
Bug submission requirements
When submitting a vulnerability or incident, please provide:
- The detailed description of the issue, the exploitability and impacts.
- The reproducible steps (if applicable) – if we cannot reliably reproduce the issue, we cannot fix it.
- Email address of the Rebump account that you used.
All submissions must provide evidence and explanation of all steps required to reproduce the issue, which may include:
- PoC (videos, screenshots, payloads, web/API requests and responses)
- References and recommendations.
The following actions are strictly prohibited
- Denial of Service attacks
- Any physical attempts against Rebump property or data centers
- Social engineering of Rebump staff or users
- Compromise of Rebump users or employees account