
Responsible disclosure

Beer Idiots greatly appreciates investigative work into security vulnerabilities carried out by well-intentioned, ethical security researchers. We follow the practice of responsible disclosure in order to best protect the Beer Idiots user base from the impact of security issues. On our side, this means:

We will respond to security incidents as a priority.
We will fix the issue as soon as is practical, keeping in mind that not all risks are created equal.
We will always be transparent with members about any incident that affects them.
If you have found a security vulnerability in idiots.beer, we ask that you disclose it responsibly by emailing dieter@idiots.beer.

Please do not discuss potential vulnerabilities in public without validating with us first.

On receipt, the security team will:

Review the report, verify the vulnerability, and respond with confirmation and/or further information requests; we typically reply within 24 hours.
Once the reported security bug has been addressed, we will notify the researcher, who is then welcome to disclose publicly, but without reference to Beer Idiots or its data.
The Beer Idiots vzw Foundation does not currently provide a bug bounty, though organisations building on top of Beer Idiots may do so in future. We do, however, maintain a Hall of Fame to recognise those who have responsibly disclosed security issues to us in the past. Finally, we will send you a bottle of Rodenbach Grand Cru (2017), together with 3 other local Brussels beers.

Hall of Fame

Shivam Khambe (from India) – Finding a full path vulnerability 
Kshitij Gupta – Reporting spam vulnerability
Sunil Kande – Reporting API vulnerability