Purpose
The purpose of the Policy is to establish the rules for the review, evaluation, application, and verification of system updates to mitigate vulnerabilities in the IT environment and the risks associated with them. If you believe you have discovered a security or privacy vulnerability in the TaxDome product, please report it to us.
Bounty Eligibility
Any security researcher is required not to take any destructive action that could result in:
- Loss of data from other users
- Denial of Service for other users
- Add to any Block List
In case you suspect that a vulnerability of this kind exists, please contact TaxDome development team at security@taxdome.com.
Program Rules
Please note, we only pay fees for original reports. In case of a duplicate, we will inform you when the first report was registered.
For the protection of our customers, TaxDome doesn’t disclose, discuss, or confirm security issues until our investigation is complete and any necessary updates are generally available.
In certain cases, TaxDome pays rewards for sharing critical security issues.
Ineligible Reports:
- Everything that is not under our control (third-party services)
- Everything that requires physical access to device or network
- Everything that requires outdated versions of software or hardware
- Social engineering, phishing etc.
- Recommendations and best practices, as long as there is no specific exploit
How To Report a Security or Privacy Vulnerability
- If you believe you have discovered a security or privacy vulnerability that affects TaxDome software, services, or web servers, please report it to us.
- We welcome reports from everyone, including security researchers, developers, and customers.
- To report a security or privacy vulnerability, send an email to security@taxdome.com and include relevant videos, crash logs, and system diagnosis reports in your message.
- You’ll receive a reply from TaxDome to acknowledge that we received your report. We’ll contact you if we need more information.
