BigBeeSec, a unit of Geethanjali Technologies, welcomes reports of security weaknesses in www.bigbeesec.com and its services. This policy gives good-faith security researchers a clear, safe channel to report issues and describes what we ask in return.
1. Safe harbour
If you make a good-faith effort to follow this policy, we will treat your research as authorised, will not pursue or support legal action against you for it, and will work with you to understand and resolve the issue quickly. This safe harbour applies only to activity that stays within the rules below.
2. Scope
In scope: the BigBeeSec web application and its public APIs at the bigbeesec.com domain. Out of scope: the separate hands-on lab environment, third-party services we do not control, physical attacks, social engineering of our staff or users, denial-of-service testing, and automated scanning that degrades the service.
3. Rules of engagement
- Only test against your own account and data. Do not access, modify, or delete other users' data.
- Stop as soon as you confirm a vulnerability, and do not exfiltrate more data than necessary to demonstrate it.
- Do not run denial-of-service, spam, or resource-exhaustion tests.
- Do not publicly disclose the issue until we have fixed it and agreed on timing.
4. How to report
Email security@bigbeesec.com with a clear description, the steps to reproduce, the impact, and any proof-of-concept. Encrypt sensitive details if possible. We aim to acknowledge within 3 business days and to keep you informed through triage and resolution.
5. What we ask and offer
We ask for a reasonable disclosure timeline. We will credit researchers who wish to be named once an issue is resolved. We do not currently run a paid bug bounty; this may change and will be announced if so.
6. Out-of-bounds activity
Anything outside the rules above, including testing systems you are not authorised to test, falls under the Acceptable Use Policy and the law, not this safe harbour.