At Draply, we consider the security of our marketplace, related systems, and data very important. Despite our concern for its security, a vulnerability can still occur. If you find a weak spot in our systems, please let us know so that we can take measures as quickly as possible. We would like to work with you to better protect our systems, data, and users.
Point of contact
Send your findings and contact information to security@Draply.com.
Procedure
Report your findings as soon as possible and only to the aforementioned point of contact.
Please provide enough information about the problem so that we can reproduce it and resolve it as soon as possible. Usually the IP address or URL of the affected systems and a description of the vulnerability is sufficient, but more complex security problems may require more.
We will send you an acknowledgment of receipt within ten days, along with a reminder of your duty of confidentiality and the next steps of the procedure. We will inform you at the right time about the progress of the solution of the problem.
We will investigate your report by reproducing the vulnerability. We also carefully assess the seriousness of the reported security problem.
The goal of our policy of coordinated vulnerability disclosure is to work out solutions before harm can be done. We will therefore solve the problem as quickly as possible, depending on the risks associated with the vulnerability.
Publication
If you wish to share the existence of a security issue with a third party, we ask you to
- only do that after we have resolved it;
- to notify us one month in advance to give us the opportunity to respond;
- to allow us to decide in consultation with you how to share the existence of the problem;
- not identify Draply directly or indirectly in your publication without our express consent.
