Responsible Disclosure
Hey there, security enthusiasts! At simen.ai, we’re absolutely passionate about keeping our users’ data safe and sound. We love hearing from our amazing community when you spot something that might need our attention - you’re our security superheroes!
How to report an issue
Found something interesting that’s in-scope? Awesome! Here’s how you can let us know:
- Email Report: Drop us a line at hi@simen.ai with all the juicy details!
- GitHub Issue: Head over to our dedicated security playground, simen-ai/simen-bug, and create an issue there!
Required Information
For either method, we’d love to see:
1. Summary: A clear summary of what you found and why it matters
2. Reproduction Steps: Step-by-step instructions to reproduce the issue (screenshots are your friend!)
3. Environment Details: Your environment details - OS, browser, device, the whole shebang!
4. Proof of Concept: If you’re feeling fancy, some proof-of-concept code would be amazing!
Once we get your report, our security team will jump into action! We’ll keep you in the loop about our progress and might ping you for more details if needed.
Rewards & Recognition
And here’s the fun part - we absolutely believe in rewarding awesome work! If your finding has a CVSS score of 4 or higher and it’s something we haven’t seen before, you’re guaranteed some sweet financial compensation! 💰
Scope
What’s fair game? ✅
- Main Website
- Case Platform
- API Services
- Mobile & Extensions: simen.ai mobile apps and browser extensions
What’s off-limits? ❌
The following activities are strictly prohibited and will not be eligible for rewards:
Automated Testing
- Automated scanning tools (let’s keep it personal!)
- Brute force attacks (we like finesse!)
Social Engineering
Service Disruption
- DDoS attacks (please don’t break our stuff!)
- Denial of service attacks (we need to stay online!)
Low Impact Issues
- Clickjacking on boring pages with no sensitive stuff
- Theoretical attacks that can’t actually be exploited
Guidelines
Please follow these important guidelines when testing:
1. Test Responsibly: Please test on your own account first! If you need to test on someone else’s, make sure you have their explicit permission.
2. Respect Data: Don’t copy or mess with our production data - we need that stuff!
3. Maintain Service: Keep our services running smoothly - no breaking things please!
4. Follow Policies: Stay within the bounds of our privacy policies and terms (boring but important!)
5. Responsible Disclosure: Keep your discovery under wraps until you’ve told us and we’ve had time to fix it - we promise we’ll work fast!
Happy hacking! 💚