The information on this page is intended for security researchers interested in responsibly reporting security vulnerabilities to the Digitalmain security team. Security requires transformation and there is no better way to transform a security program than to engage directly with our customers and users. It is that engagement, along with a strong belief in the collaboration with the security community, that is the key to maintaining a secure environment for all of our users. If you believe you've discovered a security vulnerability on or within a Digitalmain product, service, or application, we strongly encourage you to inform us as quickly as possible. We ask that such vulnerability reports be kept private and researchers not make those public until we have resolved the issue. In return, we will work to review reports and respond in a timely manner. Digitalmain will not seek judicial or law enforcement remedies against you for identifying security issues, so long as you (1) comply with the policies set forth herein; (2) do not compromise the safety or privacy of our users; and (3) do not destroy any sensitive data you might have gathered from Digitalmain as part of your research once issues are resolved. Thanks for your help!
Please read the following carefully to understand how we will collect, use and maintain your personal information. It also describes your choices regarding use, access and correction of your personal information.
We are primarily interested in hearing about the following vulnerability categories:
The following vulnerability categories are considered out of scope of our responsible disclosure program and should be avoided by researchers.
Please note that you are expected to engage in security research responsibly. For example, if you discover a publicly exposed password or key, you should not use the key to test the extent of access it grants or to download or exfiltrate data in order to prove it is an active key. Similarly, if you discover a successful SQL injection, you are expected not to exploit the vulnerability beyond any initial steps needed to demonstrate your proof-of-concept. Excessive exfiltration or downloading of Digitalmain data, or demanding payment in return for destruction of Digitalmain data, will be considered outside of the scope of this program, and Digitalmain will reserve all of its rights, remedies, and actions to protect itself and its users.
Please drop an email to firstname.lastname@example.org to report security vulnerabilities to Digitalmain.