Vulnerability Testing

We periodically test our applications and infrastructure for vulnerabilities by performing third-party and internal penetration tests.

In addition to periodic penetration testing, we have ongoing vulnerability disclosure and reward programs where our security is evaluated on a continuous basis by security researchers who are financially rewarded based on vulnerabilities they identify. If you believe you have found a vulnerability, please let us know (optionally use our public PGP key).

Macabacus’ security team investigates all reported vulnerabilities immediately and will respond to reports as quickly as possible. We recognize that security research requires much time and effort, and as a result have set up a reward system for responsible security researchers who confidentially disclose vulnerabilities to us for the first time and who allow us adequate time to remedy such vulnerabilities before disclosing them publicly. Reports are eligible for a reward if they are verified to affect the confidentiality or integrity of our users’ data. We do not reward disclosures that are not design or implementation vulnerabilities, such as spam, phishing, social engineering, brute force attacks, or denials of service.

For more information, please see our Vulnerability Disclosure Policy.