At TopFunnel, we treat building secure software as our highest priority. We understand that both our success and yours depends on our protecting you from the latest security threats. We hope that if you discover a security vulnerability in our product, you’ll share it with us immediately.
In the best interest of our customers and Internet users worldwide, we ask that you follow the guidelines of responsible disclosure:
TopFunnel’s Vulnerability Disclosure Program applies to security vulnerabilities discovered in our web site or other public facing software running on the www.topfunnel.co domain.
These are the vulnerabilities we are looking for:
Bugs not listed will be accepted at our discretion.
We ask security researchers to please adhere to the following guidelines:
In addition, please allow TopFunnel at least 90 days to fix the vulnerability before publicly discussing or blogging about it. We believe that security researchers have a First Amendment right to report their research and that disclosure is highly beneficial. We also understand that it is a highly subjective question of when and how to hold back details so as to mitigate the misuse of vulnerability information. If you believe that earlier disclosure is necessary, please talk to us so that we can begin a conversation.
If you believe you have discovered a vulnerability in one of TopFunnel’s products, please let us know by sending a report to firstname.lastname@example.org.
To help us quickly identify and fix the vulnerability, please include the following information in your report:
We greatly appreciate the efforts of those security researchers who identify vulnerabilities and work with us to ensure that we can develop a fix and issue it to all our customers. We thank you for going out of your way to help us minimize the risk to our customers as well as help us to improve the security of our products.