Vulnerability Disclosure Policy

Effective date: December 27, 2019

At MacPaw, our goal is to offer the best and the most secure products to our customers.

MacPaw's security team acknowledges the valuable role that independent security researchers play in Internet security. As a result, we encourage responsible reporting of any vulnerabilities that may be found on our website or within our applications. MacPaw is committed to cooperate with security researchers to verify and address any potential vulnerabilities that are reported to us.

Please review the terms below before you test and/or report a vulnerability. MacPaw pledges not to initiate any legal actions against researchers for penetrating or attempting to penetrate our systems as long as they adhere to this policy.

Reporting a Potential Security Vulnerability

If you have found a vulnerability or other security issue within our infrastructure or products, please feel free to contact us at [email protected]. Please provide full details of the suspected vulnerability so that the security team at MacPaw has enough data to reproduce and validate the issue. Security researchers are also encouraged to sign up for MacPaw's Bug Bounty Program.

MacPaw Does Not Permit the Following Types of Security Research

While we encourage you to report the vulnerabilities you find in a responsible manner, the following conduct is expressly prohibited:

  • Performing actions that may negatively affect MacPaw or its users (e.g. Spam, Brute Force, Denial of Service).
  • Accessing, or attempting to access data or information that does not belong to you.
  • Destroying, corrupting, or attempting to destroy and corrupt data or information that does not belong to you.
  • Conducting any kind of physical or electronic attack on MacPaw personnel, property, or data centers.
  • Applying social engineering techniques towards MacPaw's service desk, employees or contractors.
  • Conducting vulnerability testing of company services using anything other than test accounts.
  • Violating any laws or breaching any agreements in order to discover vulnerabilities.

Rewards

Potential security vulnerabilities will be triaged and rewarded according to the rules of the MacPaw Bug Bounty Program. Please contact [email protected] if you would like to participate.