Security Issues
1. Reporting Security Issues
If you discover a security vulnerability on sobmart.com, we encourage responsible disclosure.
Contact us immediately via email:
security@sobmart.com
2. Responsible Disclosure Fundamentals
To qualify for protection under this policy, you must:
- ✅ Provide reasonable time to address the issue before public disclosure.
- ✅ Avoid privacy violations (no unauthorized account or data access).
- ✅ Not exploit vulnerabilities (e.g., data theft, service disruption).
- ✅ Comply with all applicable laws.
Violations may result in legal action.
3. Bounty Program Eligibility
Monetary rewards may be awarded at Sobmart’s discretion for qualifying vulnerabilities.
Requirements:
- Adhere to the Fundamentals (Section 2).
- Submit a detailed report with reproducible steps.
- Do not contact employees directly—use designated channels.
4. Reward Tiers
Severity | Examples | Max Bounty |
---|---|---|
Critical | Remote code execution, SQL injection, admin privilege escalation | $200 |
High | Authentication bypass, sensitive data leaks, stored XSS | $100 |
Medium | Business logic flaws, insecure object references | $50 |
Low | Open redirects, reflected XSS | Recognition |
5. Exclusions
The following are not eligible for bounties:
- Vulnerabilities in third-party services.
- Low-risk issues (e.g., UI bugs, theoretical CSRF).
- Reports lacking proof of exploitability.
6. Submission Process
Email your report to security@sobmart.com with:
- Description of the vulnerability.
- Steps to reproduce (screenshots/videos preferred).
- Impact assessment.
You will receive confirmation within 5 business days.
7. Policy Updates
We reserve the right to modify the terms of this program. Researchers will be notified of any changes.
Need Help?
Contact our security team via email:
security@sobmart.com