Responsible Disclosure Policy

Data security is a priority at TutorPanel. If you are a security researcher and have discovered a security vulnerability in the TutorPanel service, we appreciate your help in disclosing it to us in a responsible manner.

TutorPanel will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against or suspend or terminate access to the Service of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. TutorPanel reserves all of its legal rights in the event of any noncompliance.

Testing

You may test only against an Account for which you are the Account owner or a Member authorized by the Account owner to conduct such testing. In no event are you permitted to access, download or modify data residing in any other Account or that does not belong to you or attempt to do any of the foregoing. You are also prohibited from:

  • executing or attempting to execute any “Denial of Service” attack;
  • knowingly posting transmitting, uploading, linking to, sending or storing any Malicious Software;
  • testing in a manner that would result in the sending unsolicited or unauthorized junk mail, spam, pyramid schemes or other forms of duplicative or unsolicited messages;
  • testing in a manner that would degrade the operation of the Service;
  • testing third party applications or websites or services that integrate with or link to the Service.

Reporting

Share the details of any suspected vulnerabilities with us by sending an email to support@tutorpanel.com. Please do not publicly disclose these details without express written consent from TutorPanel. In reporting any suspected vulnerabilities, please include the following information:

  • Vulnerability details with information to allow us to efficiently reproduce your steps
  • Your email address
  • Your name as it should be displayed on this page if you would like it to be
  • Your Twitter handle or website as it should be displayed if you would like it to be

Compensation Requests

Requests for monetary compensation in connection with any identified or alleged vulnerability will be deemed noncompliant with this Responsible Disclosure Policy.

Our Commitment

If you identify a verified security vulnerability in compliance with this Responsible Disclosure Policy, TutorPanel commits to:

  • Promptly acknowledge receipt of your vulnerability report
  • Provide an estimated timetable for resolution of the vulnerability
  • Notify you when the vulnerability is fixed
  • Publicly acknowledge your responsible disclosure

Contributors

TutorPanel thanks the individuals and organizations listed below for identifying security vulnerabilities in accordance with this Responsible Disclosure Policy.

2020

Kashif Shoukat