Responsible Disclosure

Responsible Disclosure: Empowering Security Advocates.

Introduction

At Billexpress Solutions, our systems are extremely secure. Even though we pay close attention to security during product development and maintenance, our systems may still have a weak point. If our systems are vulnerable, being notified as soon as possible lets us take immediate steps to eliminate the vulnerability and protect our customers and their data.

How to report

We urge you to notify us as soon as possible if you find a security issue in one of our systems by email at security@[Mention the Email ID].

Rules

Our responsible disclosure policy does not imply an open invitation to actively scan for vulnerabilities in our network and applications. We will investigate your scan if we detect it in our continuous monitoring system.

We ask you to:

  • Not share information about the security issue with others until it has been resolved, and delete all confidential data immediately once the issue has been resolved,
  • Not abuse the problem further in order to demonstrate the leak or to view, delete, or amend the data of third parties,
  • Provide as much detail as possible so that we can reproduce, validate, and resolve the issue as quickly as possible, including your test data, timestamps, and URLs of the affected systems,
  • Provide your contact details (e-mail and/or phone number) so that we can contact you about the progress of the solution; anonymous reports are also welcome,
  • Not attack physical security, use social engineering or distributed denial of service, or spam third-party applications.

Billexpress Solutions's Responsible Disclosure policy

Our response to a security issue is as follows:

  • We will confirm receipt of your report within 3 working days,
  • Within 3 working days of the confirmation of receipt, you will receive an assessment of the security issue and an estimated date for resolution,
  • Your report will not be subject to legal action if you follow the above conditions,
  • Your report will remain confidential and we will not share your details with third parties without your authorization, except as required by law.

Exclusions

This responsible disclosure policy is not intended for:

  • Complaints,
  • Website unavailable reports,
  • Phishing reports,
  • Fraud reports.

Our support team can assist you with these complaints or reports.

Bug bounty program

A security issue or vulnerability may be reported to Billexpress Solutions. If anyone discloses to us a design or implementation issue that we were unaware of and that could be used to compromise the privacy or integrity of our users' data, we may reward them appropriately. We determine whether a report is eligible and what the reward is.

Exclusions

The following types of security problems are excluded:

  • (D)DOS attacks,
  • Messages or error pages without sensitive information,
  • Our publicly available vulnerability scan reports,
  • OS, browser, or plugin security issues,
  • Security issues of which we have already been notified.

Please note: Reports lacking any proof (such as screenshots or other data), detailed information, or details on how to reproduce any unexpected result will not be investigated.