
Vulnerability Disclosure Program (VDP)

Last Modified: 04 October 2024

Bigger Picture Faith values the security of its systems and data. If you discover a potential security vulnerability, we kindly request that you report it in accordance with the guidelines outlined below.

Guidelines for Disclosure

If you identify a potential security issue, please adhere to the following:

  • Refrain from actions that could compromise user privacy, degrade service, or manipulate data.
  • Use only the minimum necessary exploits to confirm the vulnerability without causing disruption.
  • Upon discovering a vulnerability, cease all related activities and notify us immediately.
  • Allow us a reasonable period to address reported issues before sharing any details publicly.

Prohibited Actions

We expect all researchers to maintain responsible conduct. The following actions are strictly prohibited:

  • Engaging in phishing or social engineering.
  • Executing denial-of-service attacks or exhausting resources.
  • Breaching our Privacy Policy.
  • Making contact with site users.
  • Storing or sharing user data.
  • Sharing screenshots containing uncensored user data.
  • Testing third-party services without authorization.

Excluded Vulnerabilities

The following types of vulnerabilities are not eligible for submission:

  • Theoretical vulnerabilities or issues related to password strength.
  • Enumeration of directories, files, or assets.
  • Vulnerabilities that do not directly impact the security of Bigger Picture Faith.

Submission Instructions

When reporting a potential vulnerability, please include the following details:

  • A summary of the issue.
  • Steps taken to discover the vulnerability.
  • Any tools or methods used.

Please send your findings to [email protected] with “Vulnerability Disclosure” in the subject line.

Acknowledgment

Bigger Picture Faith appreciates the work of security researchers. While we do not operate a public bug bounty program and are not in a position to offer rewards for submissions, we will acknowledge contributions for previously unknown vulnerabilities at the bottom of this VDP. Upon request, we can also provide a statement acknowledging your efforts.

Good-faith activities conducted in compliance with this program will not result in legal action against you. Bigger Picture Faith reserves the right to modify or terminate this program at any time.