CommandBar Responsible Disclosure Policy

We appreciate all security concerns – no matter how tenuous – brought to our attention, since we strive to safeguard our product from all threats, no matter how recent. Being proactive rather than reactive to emerging security issues is a fundamental principle at CommandBar. If you believe you’ve found a security vulnerability in CommandBar's service, please notify us. We will collaborate to resolve the issue promptly.

Disclosure Policy

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security[at]commandbar[dot]com. We will acknowledge your email within five (5) business days.
Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within ten (10) business days of disclosure.
Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the CommandBar service. Please only interact with domains you own or for which you have explicit permission from the account holder.

Exclusions

While researching, we would greatly appreciate if you avoid using practices that could reasonably be considered to constitute:

Distributed Denial of Service (DDoS)
Spamming
Social engineering or phishing of CommandBar employees or contractors
Any attacks against CommandBar's physical property or data centers

Thank you for helping us keep CommandBar and our customers safe!

Changes

We occasionally revise our Responsible Disclosure guidelines. The most current version of the guidelines will be available on this page (https://commandbar.com/disclosure).

Contact

CommandBar is always open to feedback, questions, and suggestions. If you would like to talk to us, please email us at security[at]commandbar[dot]com.