Disclaimer

  1. Words on this blog are our own and does not represent teams/companies/servers we are part of or any person we work along with.
  2. What you read here might not be legal to practice. We are not responsible for your actions. All the information available on this blog is for ethical practice of hacking and securing the software.
  3. Bug Bounty Policies and vulnerability disclosure policies are not a permit to dump the database. Think before taking any action. Use your brain. You are warned.
  4. Hacking might be illegal as a whole in your country. As mentioned before, we are not responsible for your actions.
  5. To find the security issues and fix bugs, we collect some publicly available information as well as exploit some vulnerabilities to gain more information about the vulnerability and to demonstrate the issue to the customer that is always the vendor.
  6. We are always bound to the vulnerability disclosure rules and always report to the vendor itself.
  7. We may contact you via email regarding a security issue in your product. By that we are not in anyway threatening or asking for any monetary prize.
  8. Vulnerability will be responsibly disclosed after confirmation of fix of the vulnerability and permission from the vendor.
  9. In rare cases when vendor does not replies back (suggesting that the product is abandoned) we might disclose the vulnerability to help the users stay secure.
  10. In rare cases when vendor denies to fix the vulnerability (suggesting that they don't care for their users) we might disclose the vulnerability to help the users stay secure.
  11. In rare cases when vendor accepts the issue but does not fixes it for a very long time (suggesting they don't care for their users), we might disclose the vulnerability after informing the vendor several times (depending on the vulnerability, long time can range from 3 months to many years and generally speaking, 8 months).
  12. If you want us to not audit your product, simply write to us at vi [at] hackberry [dot] xyz.