Security Disclosure
Responsible disclosure of security vulnerabilities helps us keep our users safe. We appreciate your help!
Responsible Disclosure
We welcome security researchers, ethical hackers, and the community to responsibly report security vulnerabilities. Your efforts help protect our users and improve our security posture.
What to Report
- SQL Injection, XSS, CSRF vulnerabilities
- Authentication or authorization bypasses
- Data leakage or privacy issues
- Remote code execution vulnerabilities
What NOT to Do
- Do not attempt denial of service attacks
- Do not exploit vulnerabilities beyond proof of concept
- Do not access or modify data beyond necessary testing
- Do not disclose vulnerabilities publicly before we fix them
Bug Bounty Program
We value the security community's efforts. Valid vulnerability reports may be rewarded with free plan upgrades:
Critical (RCE, SQLi)
6 months FREE of your chosen plan
High Severity
3 months FREE of your chosen plan
Medium Severity
1 month FREE of your chosen plan
Low Severity
Thank you + public recognition (if desired)
You can choose any available plan from our selection. After we confirm your valid report, you'll receive a code to upgrade your account for free.
How to Claim
Include a detailed description of the vulnerability in your report. Our team will evaluate and respond within 24 hours. Valid reports will receive plan upgrades within 7 days of confirmation.
Contact
Please report security vulnerabilities responsibly. We appreciate coordinated disclosure.
Security Reports Email
security@opengrowbox.comFor encrypted communication, our PGP key is available on request.
Response Times
24h
Initial Acknowledgment
7 days
Regular Updates
90 days
Target Fix Timeline
This program is governed by our terms of service. Researchers acting in good faith are protected from legal action. We reserve the right to modify or terminate this program at any time.