If you would like to report a vulnerability or have a security concern regarding OwnBackup products and services, please email ownbackup.vdp@ownbackup.com. We will respond to you and acknowledge receipt of your report within three business days.
Once your report has been submitted, we will work to validate the reported vulnerability and will reach out to you if additional information is required.
To help us triage and remediate potential findings, the vulnerability report should:
Describe the vulnerability, precisely where it was discovered, and the real-world impact.
We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the OwnBackup security team and associated development organizations will use reasonable efforts to:
Respond in a timely manner, acknowledging receipt of your vulnerability report.
We are happy to thank every individual researcher who submits a vulnerability report helping us improve our overall security posture at OwnBackup. The full copy OwnBackup Vulnerability Disclosure Policy be found here.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct, and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.