Vulnerability Reporting and Security Protocols
Overview
At Yogyan, we are committed to the ongoing safety and integrity of our platform. We continually strive to enhance the security of our web and mobile applications. While our internal security teams are dedicated to fortifying our system, we recognize the value of the security research community. We invite ethical hackers and researchers to assist us by reporting vulnerabilities they discover. As we pursue a future of scalability, reliability, and security, we take every vulnerability disclosure seriously and encourage you to be our “extra pair of eyes.”
Scope of Disclosure
The following domains and services are within the scope for vulnerability reporting:
- https://yogyan.com/*
- Yogyan Android application: Yogyan App on Google Play
Accepted Vulnerabilities
We welcome reports of vulnerabilities that may include, but are not limited to, the following categories:
- Vulnerabilities that directly affect the systems listed above
- Any issue listed in the Open Web Application Security Project (OWASP) Top 10 that has not already been disclosed by another researcher
Out-of-Scope Vulnerabilities
Certain issues fall outside the scope of our program, including:
- Any domains or platforms not listed
- Vulnerabilities in third-party services or applications used by Yogyan
- Issues such as self-XSS, missing cookie flags, or non-critical security misconfigurations
Prohibited Testing Methods
To maintain ethical standards, we do not allow:
- Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks
- Social engineering, phishing, or any type of manipulation targeting Yogyan users
- Brute-force attacks or any testing that disrupts system functionality
Disclosure Process
We have simplified the reporting procedure to facilitate clear communication and effective resolution. Please fill out our vulnerability disclosure form with all relevant details. If you encounter a new exploit or impact during testing, a follow-up submission is encouraged.
- Report Form: Submit Vulnerability
Official Communication Channels
If you need assistance or have additional questions, please use our official communication channel:
- Email: info@2xf.5af.myftpupload.com
We aim to respond within 5 business days and will provide updates as we investigate the issue.
Our Commitments
- We will acknowledge and respond to your report swiftly, keeping you informed throughout the process.
- We will strive to remediate vulnerabilities promptly and within operational constraints.
- We will offer safe harbor for your research activities, ensuring that good faith vulnerability research is not met with legal action.
Expectations for Researchers
While participating in this program, we ask that you:
- Adhere to applicable laws and respect our platform’s terms of service.
- Avoid compromising any user or company data and restrict your testing to authorized areas.
- Use only official channels to report your findings and refrain from disclosing vulnerabilities until we have resolved the issue.
Confidentiality and Safe Harbor
We assure you that all information related to vulnerabilities will remain confidential. As long as you follow the guidelines outlined in this policy, we will consider your research to be authorized, and you will be exempt from legal action concerning accidental violations. We also guarantee that your vulnerability research will not be hindered by any contractual obligations.
Rewards and Recognition
While we currently do not offer a financial reward for reported vulnerabilities, we honor those who contribute by recognizing them in our “Hall of Fame.” If you choose to disclose your findings publicly, we will facilitate that process once the issue has been addressed. To maintain fairness, we only recognize the first reporter of any vulnerability.