=============================================================================== LINKBINARY SECURITY POLICY =============================================================================== Last Updated: September 26, 2024 ------------------------------------------------------------------------------- 1. INTRODUCTION ------------------------------------------------------------------------------- LinkBinary is committed to ensuring the security of our systems and our clients' data. We welcome security researchers to help us maintain high security standards. This policy provides guidelines for conducting vulnerability discovery activities and submitting discovered vulnerabilities to us. ------------------------------------------------------------------------------- 2. SCOPE ------------------------------------------------------------------------------- This policy applies to the following LinkBinary assets: - Main website: www.linkbinary.com - Secondary domain: linkbinary.com.np - All subdomains of linkbinary.com - All subdomains of linkbinary.com.np - Client portals and APIs - Web, Mobile, and Desktop sites and applications developed by LinkBinary ------------------------------------------------------------------------------- 3. OUT OF SCOPE ------------------------------------------------------------------------------- The following are explicitly OUT of scope: - Systems, networks, or applications belonging to our clients - Third-party services we use but do not control - Social engineering attacks on our employees - Physical security of our offices - Denial of Service (DoS) attacks ------------------------------------------------------------------------------- 4. REPORTING A VULNERABILITY ------------------------------------------------------------------------------- If you discover a security vulnerability: 1. Email your findings to security@linkbinary.com 2. Encrypt sensitive information using our PGP key (available at https://www.linkbinary.com/pgp.asc) 3. Include in your report: - Description of the vulnerability - Steps to reproduce - Potential impact - Recommendations for mitigation ------------------------------------------------------------------------------- 5. OUR COMMITMENT ------------------------------------------------------------------------------- When you submit a vulnerability report, we will: 1. Confirm receipt within 3 days 2. Provide an initial assessment within 5 business days 3. Keep you informed of our progress ------------------------------------------------------------------------------- 6. SAFE HARBOR ------------------------------------------------------------------------------- LinkBinary will not pursue legal action against researchers for good faith efforts to follow this policy. ------------------------------------------------------------------------------- 7. GROUND RULES ------------------------------------------------------------------------------- We ask that you: 1. Follow this policy and our terms of service 2. Report vulnerabilities promptly and directly to us 3. Give us time to respond before any public disclosure 4. Avoid violating privacy, disrupting systems, or destroying data 5. Only interact with your own accounts or those you have permission to access ------------------------------------------------------------------------------- 8. REWARDS AND ACKNOWLEDGMENTS ------------------------------------------------------------------------------- While we do not offer monetary rewards, we will: 1. Acknowledge your contribution on our Hall of Fame page (if desired) 2. Offer to credit you when announcing security updates (with your permission) ------------------------------------------------------------------------------- 9. DISCLOSURE POLICY ------------------------------------------------------------------------------- LinkBinary follows responsible disclosure practices: 1. We will validate and confirm reported issues 2. We will address confirmed vulnerabilities promptly 3. We will notify you when the vulnerability is fixed 4. We may publicly acknowledge your responsible disclosure (with your agreement) ------------------------------------------------------------------------------- 10. CONTACT ------------------------------------------------------------------------------- For questions or to report a vulnerability: Email: security@linkbinary.com PGP Key: https://www.linkbinary.com/pgp.asc Thank you for helping keep LinkBinary and our users and customers safe! ===============================================================================