Vulnerability Disclosure Policy
Our aim at Macabacus is for our customers to feel safe using our software and interacting with our systems. We strive to maintain the highest standards of security and quality, but are aware that it is possible for errors to slip through.
If you believe that you have found a vulnerability, please let us know so that we can fix it as quickly as possible. If you need to submit sensitive information to us, please use our PGP key. Please include a description of the vulnerability and the steps to reproduce it. We will keep you updated of our progress and report when we have fixed the issue. Do not disclose the information publicly until we have had time to correct the problem.
In the process of researching vulnerabilities, you must not access or attempt to access data that does not belong to you. In addition you must not modify or remove data. Do not conduct research that impacts our customers, or that affects our ability to deliver our services.
In-scope are our website at https://macabacus.com and our software that is available for download at https://macabacus.com/downloads.
Out of scope are spam, phishing, social engineering, brute force attacks, and denials of service.
We consider activities conducted consistent with this policy to constitute “authorized” access under anti-hacking laws. We will not bring a claim against you for circumventing the technological measures we have used to protect the applications in scope. If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy. We will not pursue civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.
Please submit a report to us before engaging in conduct that may be inconsistent with or unaddressed by this policy.