At Fieldster, we are committed to protecting the security and privacy of our users. We welcome the security community’s help in identifying potential vulnerabilities in our systems. If you discover a bug or security issue, we encourage you to report it responsibly through our disclosure process outlined below. While we do not offer monetary rewards, we deeply value your contributions and will acknowledge your efforts where appropriate.
How to Report a Bug
Please submit details of any potential vulnerabilities to our dedicated email address: bug-submission@fieldster.io. To help us address the issue quickly, include the following in your report:
- A clear description of the vulnerability, including steps to reproduce it.
- The potential impact of the issue (e.g., data exposure, service disruption).
- Any relevant technical details, such as affected systems, URLs, or screenshots (please avoid including sensitive data).
- Your contact information (optional, if you wish to be acknowledged or updated).
We kindly ask that you:
- Act responsibly: Do not exploit the vulnerability beyond what is necessary to demonstrate the issue, and follow the Ethical Standards outlined below.
- Protect user privacy: Avoid accessing, modifying, or disclosing any user data.
- Give us time to respond: Allow us a reasonable timeframe to investigate and resolve the issue before disclosing it publicly.
- Comply with laws: Ensure your actions adhere to applicable local and international laws.
Our Commitment
Upon receiving your report, we will:
- Acknowledge receipt of your submission within 5 business days.
- Investigate the issue promptly and keep you informed of our progress if you provide contact details.
- Work diligently to remediate confirmed vulnerabilities.
- Publicly acknowledge your contribution (if you agree), such as in a “Thank You” post on our social media account(s), unless you prefer to remain anonymous.
Ethical Standards
We believe in fostering a collaborative and ethical approach to security. When reporting vulnerabilities, we ask that you adhere to the following principles:
- Do no harm: Avoid actions that could disrupt our services, compromise user data, or harm our systems.
- Respect boundaries: Please see the details for scope boundaries below. Only test systems and services explicitly owned by Fieldster. Third-party services (e.g., cloud providers, external vendors) are out of scope.
- Act in good faith: Report issues with the intent to improve security, not for personal gain or malicious purposes.
- Maintain confidentiality: Do not share details of the vulnerability with others until we have had a reasonable opportunity to address it.
Scope
This disclosure process applies to vulnerabilities found in Fieldster’s web applications, APIs, and other systems explicitly owned and operated by Fieldster. If you’re unsure whether a system is in scope, please contact us at bug-submission@fieldster.io for clarification.
Out of Scope
The following activities are not permitted:
- Denial-of-service (DoS) attacks or actions that degrade service availability.
- Social engineering, phishing, or physical attacks against Fieldster employees, offices, or users.
- Automated scanning or testing that generates excessive traffic.
- Accessing or modifying data that does not belong to you.
- Public disclosure of vulnerabilities without giving us reasonable time to respond.
No Monetary Compensation
Please note that Fieldster does not operate a bug bounty program and does not offer monetary rewards for vulnerability reports. However, we greatly appreciate the time and expertise of those who help us improve our security. Contributors who report significant issues responsibly may be recognized in our public acknowledgments at our discretion.
Legal Safe Harbor
We value the efforts of security researchers acting in good faith. If you follow the guidelines outlined here, Fieldster will not pursue legal action against you for your research activities, provided they are conducted responsibly and in compliance with applicable laws.
Contact Us
For all vulnerability reports or questions about this process, please email bug-submission@fieldster.io. We look forward to working with you to keep our systems secure.
Thank you for helping us protect our users!