Please note that only genuine security issues are eligible for recognition by this program.
After the initial triage, once the issue is confirmed as valid and non-duplicate, we will reach out to the researcher accordingly.
Report vulnerabilities promptly: this helps us reduce the risk of malicious actors finding and exploiting them.
Don't attempt to access another user's account: only use accounts that you own or control.
Do not impact other users with your testing: this includes impacting an account you do not own.
Never attempt non-technical attacks: social engineering, phishing, or physical attacks against MyGlamm employees, users, or the network infrastructure are not allowed.
Please provide detailed reports with reproducible steps: Help us verify your claim.
Duplicates: the first report wins.
Multiple vulnerabilities caused by one underlying issue: chaining vulnerabilities to yield higher impact, i.e., high impact = higher bounty or Hall of Fame.
Submit one report per vulnerability: 1 report = 1 vulnerability, unless they are connected.
Privacy violations, destruction of data, and network interruption: a big NO.
Note: If your security research involves frameworks / services of other organizations that we use at Good Glamm Group, it does not fall under the scope of this program. Any such security research or investigation should be deemed not authorized by our organization in any way.
The bug must be on one of the production websites / services / mobile apps that are part of the Good Glamm Group's online assets.
Out-of-scope vulnerabilities
Browser cache related issues.
Clickjacking related issues.
Issues that aren't reproducible.
Missing SPF / DMARC records.
Missing Headers / SSL issues / HSTS.
Open redirects without a severe impact.
Denial of Service (DoS, DDoS) attacks.
Self-type Cross-Site Scripting / Self-XSS.
CSRF issues on actions with minimal impact.
Brute-force attacks or lack of rate-limiting mechanisms.
Security bugs impacting WordPress on our in-scope websites.
Bugs that have not been responsibly investigated and reported.
Vulnerabilities that require Man-in-the-Middle (MitM) attacks.
Issues that we can't reasonably be expected to do anything about.
Reports from current or previous employees of Good Glamm Group.
Vulnerabilities affecting outdated or unpatched browsers / Operating Systems.
Captcha-related concerns; if this leads to account takeover, it is a valid bug.