Vulnerability Disclosure

Vulnerability Disclosure

Alma Career takes data security seriously. We care about user and their data with respect. We gladly welcome any security report and we are investigating vulnerabilities and address identified problems if appropriate. Our Disclosure program encourage you to report any kind of security vulnerabilities.

Rules of our program

Please report the security issue to us without making it public at any point, inc. social media, mailing lists, message boards, discussion forums etc.

Please do not engage in security research that involves:

  • Potential or actual damage to users, businesses, people, systems, data or applications.
  • Violation of privacy rights or confidentiality of data.
  • Social engineering (including, but not limited to, phishing).
  • Disrupting or interrupting our services.
  • Port scans on our networks or executing DDoS attacks.

If you comply with the rules of our program we will not bring any lawsuit against you or ask law enforcement to investigate you, unless we have reason to believe that you did not act in good faith.

Rewards

We do not offer bug bounties or rewards.

How to disclose vulnerabilities

Please send any vulnerability report you want to that you want to disclose to security@almacareer.com. In the email please provide a brief description of following data:

  • What type of vulnerability you found?
  • How can we reproduce the vulnerability?
  • Who can use the vulnerability and benefit from it?

We gladly accept:

  • Screenshots
  • Logs
  • Etc.