Security

17145608 Canada Inc., operator of breadboardhub, welcomes reports from security researchers. This page explains how to report a vulnerability and what you can expect from us.

Reporting

Email security@breadboardhub.com with a description of the issue, the steps to reproduce it, and any relevant details. If you wish to encrypt your report, ask us for a key. We also publish a /.well-known/security.txt file.

What to expect

We aim to acknowledge your report within 3 business days. We will investigate, keep you informed of progress, and let you know when the issue is resolved. We appreciate responsible disclosure and will credit you if you wish, once a fix is in place.

Safe harbor

If you make a good-faith effort to follow this policy, we will not pursue legal action against you for your research. To stay within good faith, please:

• only test against your own accounts or data, never other users'
• do not access, modify, or delete data that is not yours
• do not degrade, disrupt, or overload the Service
• do not publicly disclose the issue until we have had a reasonable chance to fix it

Out of scope

Reports that are out of scope include automated scanner output without a demonstrated impact, social engineering of our staff or users, and issues in third-party services we use (please report those to the relevant provider).

Contact

security@breadboardhub.com