We invite you to investigate vulnerabilities in Maroo as long as your research follows this responsible research and disclosure policy.
What you need to do
• Avoid harm or risk to Maroo, our users, or third parties • Don't disclose your findings without our agreement • Report through a legitimate channel
What you can't do
• No privacy violations • No deletion or damage of resources • No lasting harm • Nothing that degrades our service • No creation or sharing of inappropriate content • No targeting our staff, investors or physical environment
How we will respond
If you follow these guidelines, we commit to: • Not pursuing or supporting legal action related to your research • Working with you to understand issues, and resolve them if Maroo considers it necessary • Taking steps to make it known that your actions were conducted in compliance with these guidelines if a third party initiates legal action against you in connection with activities in our program's scope
As part of encouraging security researchers to put our security to test, we offer a variety of rewards for doing so if:
• The reported vulnerability is verifiable • It hasn't been reported already • You conducted your activities in a manner consistent with our guidelines
Rewards are provided at Maroo sole discretion based on severity of the bug and quality of the report.