Responsible Disclosure and Vulnerability Policy
Jamborow welcomes responsible security research conducted lawfully and in good faith.
Researchers should report suspected vulnerabilities to security@jamborow.co.uk. Reports should include affected URL/API, vulnerability type, steps to reproduce, impact and contact details.
Researchers must not access, modify, delete, exfiltrate or disclose personal data; disrupt services; perform denial-of-service testing; use social engineering; compromise third-party systems; or publicly disclose vulnerabilities before Jamborow has had a reasonable opportunity to investigate and remediate.
Jamborow will aim to acknowledge valid reports, investigate promptly and communicate remediation progress where appropriate.