Report a Security Issue

1. Overview
At Kathryne Reichert, we take the protection of our systems and client information seriously. We appreciate the contribution the security research community makes to keeping the internet safe. If you are a security researcher, we encourage you to notify us responsibly and discreetly of any potential security flaws you find on our website (kathrynereichert.shop) or in any of our systems.

This policy is intended to let security researchers report vulnerabilities to us without fear of legal repercussions, as long as they adhere to the rules and guidelines outlined below.

2. Our Commitment
We are committed to collaborating with the security community to promptly verify, reproduce, and address valid vulnerability reports. We will do our best to respond to your report within 48 business hours, and we will keep you updated on our progress as we work on a fix.

3. How to Report a Security Vulnerability
Please notify us directly and privately of any suspected security flaws. Making information public, including on social media or in public forums, before the problem has been fixed is a breach of this policy.

Please email security@kathrynereichert.shop to report a vulnerability.

If you are unable to use email, you can reach us by phone at +44 724-639-3089. Please make it clear that you are calling about a security vulnerability report.

4. Details to Include in Your Report
Please supply as many of the following details as you can so that we can quickly understand and prioritize your report:

Vulnerability Type: For example, SQL Injection, Authentication Bypass, or Cross-Site Scripting (XSS).

Affected URL: The complete URL of the page where the vulnerability was discovered.

Detailed Instructions: Comprehensive, repeatable steps that help us understand and validate the problem. Videos, screenshots, and proof-of-concept code are all very useful.

Potential Impact: An explanation of the vulnerability's possible security implications.

Your Contact Details: Name and contact information (e.g., email, PGP key, Signal). We value your privacy, so if you would like to report anonymously, please let us know, though it may make working together more challenging.

5. The Rules of Engagement: What We Expect of You
You must follow these guidelines to ensure your research is accepted as valid and falls within the scope of this policy:

Never access or alter data that is not yours. This includes accessing the account or private information of another user. If you require a test account, please get in touch with us and we will provide one.

Do not conduct any testing or Denial of Service (DoS/DDoS) attacks that might impair other users' ability to use our services.

Do not use spam, phishing, social engineering, or physical attacks. This also applies to our clients and staff.

Do not use worms, viruses, or any other malicious software.

Do not exfiltrate any data. If you come across sensitive information (personal or otherwise), stop your research right away, get in touch with us, and do not save, store, or distribute it.

Give us a reasonable amount of time to fix the problem before you make it public. Our goal is to resolve important issues quickly.

6. Vulnerabilities Outside of Scope
The following issues are typically regarded as out of scope:

Vulnerabilities on external websites or services (such as PayPal) that integrate with us.

Clickjacking on pages with no sensitive actions.

SSL/TLS configurations that fall short of best practices (e.g., support for outdated protocols).

Descriptive error messages, such as stack traces, that show no sign of exploitability.

Banner identification and software version disclosure.

Vulnerabilities that require highly improbable user interaction.

Brute-force attacks on login pages against accounts you do not own.

Missing security headers (such as CSP and HSTS) without a demonstrated exploit.

7. Legal Protection (Safe Harbour)
We consider vulnerability research and coordinated disclosure carried out in compliance with this policy to be:

Authorized under any applicable anti-hacking legislation, such as the UK Computer Misuse Act 1990.

Exempt from any restrictions in our terms of service that would otherwise prevent you from carrying out security research.

We will not bring or support legal action against you for security research, as long as you:

Test without endangering our systems, Kathryne Reichert, or our clients.

Make every effort to prevent data loss, privacy violations, and service outages or degradation.

Respect all of the terms stated in this policy.

8. Our Process

Acknowledgement: Within 48 business hours, we will confirm that we have received your report.

Investigation: Our team will investigate to determine the validity and severity of the report.

Communication: We will keep you updated on our progress and may contact you for further details.

Resolution: We will let you know as soon as the vulnerability is fixed. If you do not mind, we are pleased to credit you as the discoverer.

9. Appreciation
As a small business we are unable to offer a cash bug bounty at this time, but we sincerely appreciate the time and effort put into helping strengthen our security. If you wish, we would be honored to publicly recognize your responsible disclosure as a thank you.

10. Contact Information
Primary email: security@kathrynereichert.shop
Backup email: contact@kathrynereichert.shop (subject line: "SECURITY REPORT - URGENT")
Telephone: (444) 724-639-3089