
Vulnerability Disclosure Program


At RGOODS, security is our top priority. We work tirelessly to achieve our security objectives and ensure the sustainability of our white-label SaaS solutions for associations. In particular, we do everything possible to guarantee the integrity, availability, and confidentiality of our customers’ data. However, we are human, and sometimes we may overlook something.

We invite anyone (whether an IT security professional or simply someone aware of these issues) to collaborate with us in identifying and fixing potential vulnerabilities.

Here’s how you can help us and what you can expect from us in return.

✉️ How to report a vulnerability?

All reports can be sent to security@rgoods.com.

If you wish and are able to encrypt your message, you can use our PGP key available at the bottom of this page.

✅ What you can do:

  • Report even if you’re unsure: Reach out to us even if you have doubts; we appreciate any contribution to our effort.
  • Write in the language of your choice: Our team is fluent in both English and French, but we will adapt to any feedback.
  • Be as thorough as possible: Try to include as much information as possible (both technical and non-technical) in your report to help us reproduce and fix the vulnerability.
  • Minimize impacts: Do your best to ensure that your tests do not degrade the performance and security of our services.

❌ What you should not do:

  • No exploitation: If you discover a vulnerability, do not compromise our services (modifying a system, accessing, or altering data). Instead, contact us as soon as possible.
  • No premature disclosure: Do not share vulnerabilities publicly (on blogs, forums, social networks, etc.) without our permission.
  • No social engineering: Do not attempt to contact our employees, clients, partners, or users directly.

💪 Our commitment:

  • Responsiveness: We take your reports seriously and will keep you informed about the progress of our analysis. We will acknowledge your report within 3 business days, and provide confirmation and an expected resolution date within 5 business days.
  • Legal safety: We will not take any legal action against you if you adhere to the above guidelines.
  • Confidentiality: Our collaboration will remain entirely private, and our communications will be confidential.
  • Recognition: Your name will be listed in our Hall of Fame if you wish.

Thank you for looking out for us!

🔗 Security PGP key