We work with leading researchers, vendors, and products to keep on the cutting edge of security. We also recognize, however, the important contributions that our users and the security research community can make, and want to encourage the responsible reporting of problems with our service. If you believe you have discovered a problem with our service, please contact us at security@blippy.com right away.
We promise to respond to all reasonable reports of potential security problems as soon as we can, usually within 24 hours. If you report a problem, we will:
Acknowledge your report, and provide you with contact information for our team as we investigate;
Work with you to understand the problem, and consult with you about the best way to address it;
Work with other organizations, if necessary, to ensure that other sites and services are protected too;
Keep you in the loop as this process takes place; and
Give you credit, if you wish, for helping us.
By reporting problems to us in a responsible manner you enable us to address issues and protect our users in a timely fashion. We recognize, however, that legitimate and well-intentioned researchers are sometimes blamed for the problems they disclose. In order to encourage responsible reporting practices, we promise not to bring legal action against researchers in response to a disclosure, provided they:
Share full details with us before making them public.
Give us a reasonable amount of time to address the issue before disclosing the issue to anyone other than us. We will try to act quickly, but some aspects of our system are complicated and may take time to patch and test.
Do not intentionally harm the experience or usefulness of Blippy for others. For example, do not spam the site, or do anything that might cause a denial of service.
Never attempt to view, modify, or damage data belonging to others.
This pledge is intended to balance the protections and guarantees necessary to encourage responsible disclosure against our own requirements and responsibilities for data security. This is not an invitation to test the security of our service without authorization. It is simply a reflection of our belief that security researchers are the good guys, but that they may be wary of reporting issues to us for fear of legal consequences. If you have any questions about this commitment, or have any doubts about whether your tests are appropriate, you should contact us before proceeding.