Home Responsible disclosure

Responsible disclosure

Beer Idiots greatly appreciates investigative work into security vulnerabilities carried out by well-intentioned, ethical security researchers. We follow the practice of responsible disclosure in order to best protect Beer Idiots user-base from the impact of security issues. On our side, this means:

We will respond to security incidents as a priority.
We will fix the issue as soon as is practical, keeping in mind that not all risks are created equal.
We will always transparently let the members know about any incident that affects them.
Therefore Beer Idiots participates with posting a bug bounty contest on Intrigriti.com The only way to get in contact with us is by registering yourself on the Intigriti platform.

Please do not discuss potential vulnerabilities in the public without validating with us first.

If we have an active contest on Intigriti the security team will:

Review the report, verify the vulnerability and respond with confirmation and/or further information requests; we typically reply within 48 hours.
Once the reported security bug has been addressed we will notify the Researcher, who is then welcome to optionally disclose publicly but without references to Beer Idiots or data.

Currently we have Hall of Fame to recognise those who have responsibly disclosed security issues to us in the past by using the Intigriti platform

Note: If the issue is

  • Already in the hall of fame
  • Send by email and not by the Intigriti platform

We will not contact you back and you can’t come in the hall of fame

Hall of Fame

Shivam Khambe (from India) – Finding a full path vulnerability 
Kshitij Gupta – Reporting spam vulnerability
Sunil Kande – Reporting API vulnerability 
Gabriel Fernando – Reporting API config mistake
Vismit Rakhecha and Nayanjyoti Roy – Reporting xmlrpc issue
Subba – DMARC  domain issue
Tom K. – Click hijacking