Reporting Security Vulnerabilities -
poker real money supports the security research community and welcomes reports of vulnerabilities in its infrastructure / products. poker real money treats all reports with high priority. poker real money is committed to reviewing and addressing any identified security issues through a coordinated and constructive approach.
Security researchers, industry groups, government organizations, vendors, and partners are encouraged to report any potential vulnerabilities to poker real money using the submission instructions below.
Submission Instructions –
It is important to include the following information in the report to poker real money:
• Your name and contact information
• Organization (if applicable)
• poker real money products/solutions with versions / any infrastructure affected
• A detailed description of the potential vulnerability
• Supporting technical details, including descriptions or examples of exploit/attack code, packet captures, and steps to reproduce the issue
• Any known information about active/new exploits
• Assumed impact / severity
Acknowledgement after receiving a report -
Once a report is properly submitted to the firstname.lastname@example.org , poker real money’s Security Team will provide acknowledgement of receipt of your vulnerability report within 48 to 72 business hours of submission. If the report is submitted during the weekend or a U.S. public holiday, it will be acknowledged in the next 48 to 72 business hours.
Compliance Guidelines –
To protect poker real money’s employees, partners and the business, it requests any external security researchers / groups to maintain compliance with this policy. poker real money takes security issues very seriously, and as you know, some vulnerabilities take longer to resolve than others.
A report will be considered as compliant ONLY if the following guidelines are adhered to by the reporting party:
• Any finding is not publicly disclosed without express written consent from poker real money.
• Any submission is ONLY made to the email@example.com distro.
• Only communication method(s) approved and stated by poker real money after submission are used.
• No disruptive testing like Denial of Service (DoS) or any similar action is performed that could impact the confidentiality, integrity or availability of poker real money’s infrastructure / products.
• No social engineering attacks against poker real money employees, partners, or representatives are performed.
• No physical security attacks are committed against any person or entity associated with poker real money.
• No payment or other rewards are demanded as a condition of providing information on any security vulnerabilities.
• No exploitation is performed of any vulnerability discovered to view data or alter data without explicit authorization.
• No testing of third-party applications, websites, or services that integrate with or link from or to poker real money.
Please note that poker real money currently does not offer a bug bounty program or compensation for disclosure. But if you have reported an issue that is determined to be a valid security issue and have followed all poker real money’s guidelines, poker real money will recognize and credit you for the finding (if you are the first one to report a unique vulnerability) in poker real money’s Hall of Fame / Quarterly Report, in addition to providing you with any available swag. You will be allowed to disclose the vulnerability after a fix has been issued by poker real money, and poker real money has formally approved the disclosure.
Please refer any questions on this to firstname.lastname@example.org