At MacPaw, the company behind Moonlock, our goal is to offer the best and the most secure products to our customers.
MacPaw’s security team acknowledges the valuable role that independent security researchers play in Internet security. As a result, we encourage responsible reporting of any vulnerabilities that may be found on MacPaw’s websites (including moonlock.com) or within our applications. MacPaw is committed to cooperating with security researchers to verify and address any potential vulnerabilities that are reported to us.
Please review the terms below before you test and/or report a vulnerability. MacPaw pledges not to initiate any legal actions against researchers for penetrating or attempting to penetrate our systems as long as they adhere to this policy.
Reporting a potential security vulnerability
If you have found a vulnerability or other security issue within our infrastructure or products, please feel free to contact us at [email protected]. Please provide full details of the suspected vulnerability so that the security team at MacPaw has enough data to reproduce and validate the issue. Security researchers are also encouraged to sign up for MacPaw’s Bug Bounty Program.
MacPaw does not permit the following types of security research
While we encourage you to report the vulnerabilities you find in a responsible manner, the following conduct is expressly prohibited:
- Performing actions that may negatively affect MacPaw or its users (e.g. Spam, Brute Force, Denial of Service).
- Accessing, or attempting to access data or information that does not belong to you.
- Destroying, corrupting, or attempting to destroy and corrupt data or information that does not belong to you.
- Conducting any kind of physical or electronic attack on MacPaw personnel, property, or data centers.
- Applying social engineering techniques towards MacPaw’s service desk, employees or contractors.
- Conducting vulnerability testing of company services using anything other than test accounts.
- Violating any laws or breaching any agreements in order to discover vulnerabilities.
Rewards
Potential security vulnerabilities will be triaged and rewarded according to the rules of the MacPaw Bug Bounty Program. Please contact [email protected] if you would like to participate.