SECURITY VULNERABILITY DISCLOSURE POLICY

If you have discovered a security vulnerability on Vendoramall, we encourage you to contact us immediately. We take all legitimate security reports seriously and aim to resolve issues as quickly as possible.

Before submitting a report, please review the guidelines below, including our responsible disclosure principles, reward program, and reporting requirements.

FUNDAMENTALS

If you follow the principles outlined below when reporting a security issue to Vendoramall, we will not initiate legal action or enforcement investigations in response to your report.

We require that you:

Provide us with reasonable time to investigate and fix the issue before any public disclosure.
Do not access or interact with accounts that do not belong to you.
Avoid violating user privacy or accessing personal data beyond what is necessary to demonstrate the issue.
Do not cause service disruption, data destruction, or degradation of services.
Do not exploit the vulnerability beyond what is required to demonstrate the issue.
Comply with all applicable laws and regulations.

SECURITY REWARD PROGRAM

Vendoramall recognizes and may reward security researchers who responsibly disclose valid vulnerabilities that help improve platform security.

Rewards are granted at Vendoramall’s sole discretion and depend on the severity, impact, and quality of the report.

To be eligible for a reward:

You must follow the responsible disclosure fundamentals above.
The vulnerability must be valid, reproducible, and have a demonstrable security impact.
Reports must be submitted through our official security reporting channel.
You agree that Vendoramall may publish or reference submitted reports in anonymized form if necessary.