At BLR Pods, we take the security of our systems and the privacy of our users seriously. We are committed to maintaining the highest standards of security and appreciate the role that security researchers and the broader security community play in enhancing our security posture. If you have discovered a potential security vulnerability in our systems, we encourage you to disclose it to us responsibly.
Reporting a Vulnerability
If you believe you have found a security vulnerability on our website or in any of our services, please follow these steps to report it to us:
- Email Us: Send an email with the subject line "Security Vulnerability Report". Include a detailed description of the vulnerability, steps to reproduce it, and any relevant screenshots or proof of concept.
- Include Details: Your report should include the following information:
  - A description of the vulnerability and its potential impact.
  - The specific URL or part of the website where the vulnerability can be observed.
  - Detailed steps to reproduce the vulnerability.
  - Any relevant screenshots, code snippets, or proof of concept.
  - Your contact information (name, email address, and optionally, phone number).
- Do Not Disclose Publicly: Please do not disclose the vulnerability to the public or any third party until we have had an opportunity to investigate and address it.
Our Commitment
When you submit a vulnerability report to us, we commit to:
- Acknowledging receipt of your report within [X] business days.
- Providing you with an estimated timeframe for addressing the vulnerability.
- Keeping you informed of our progress in resolving the issue.
- Recognizing your contribution once the vulnerability is resolved, if you so desire.
Scope
This policy applies to the following:
The following are outside the scope of this policy:
- Clickjacking on pages with no sensitive actions.
- Unauthenticated/logout/login CSRF.
- Attacks requiring MITM or physical access to a user's device.
- Previously known vulnerable libraries without a working Proof of Concept.
- Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS.
Safe Harbor
To encourage responsible reporting and to avoid legal concerns, BLR Pods commits to not initiating legal action against security researchers who:
- Engage in testing of systems/research without harming BLR Pods, its customers, or its partners.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
- Provide us with a reasonable amount of time to resolve vulnerabilities before disclosing them to any third party.
- Do not engage in any form of extortion or coercion.
Recognition
We appreciate the efforts of security researchers who responsibly disclose security vulnerabilities to us. We will acknowledge your contributions on our website's Security Hall of Fame if you wish to be recognized for your findings.
Contact
If you have any questions about this policy, please contact us.
Thank you for helping us keep BLR Pods and our users safe.