REWARD FOR REPORTING


If you find a security issue with our cloud services, report it to operations@ibcom.biz. We will check it and, if it is valid, reward you!

If the report contains sensitive information, please encrypt it with this PGP public key.

Thanks,
ibCom Protection Team 


Our approach to security

Standard techniques to protect against


Standard Reward Rates

Based on confidentiality, integrity & availability.

When reporting, please state which layer you are reporting on; see the diagram below.

Level / Impact | AUD
Low Level report that could have a minor impact on availability of the ibCom cloud service, but no impact on confidentiality & integrity, for less than 5 minutes. | $50
High Level report that has minor impact on availability of the ibCom cloud service, but no impact on confidentiality & integrity, for more than 5 minutes. | $250
Low Level report that has an impact on the confidentiality & integrity of the user, i.e. it could be used as part of an attack in the UI against the user (e.g. phishing, click-jacking), but does not impact the ibCom cloud service. | $50
High Level report that has an impact on the confidentiality & integrity of the ibCom cloud service. | $250+, but depends on the impact. Confirmed at time of report.
Any report that has already been reported and is in the process of being corrected. | $50


By Design / Known

And thus not rewardable.

Man in the middle attack; http v https | We run marketing websites that still require http access, but all requests to our authentication logon endpoint (i.e. where the username/password is sent) are via https only and use perfect forward secrecy - more ...
Large amounts of data | Our firewall blocks excessive data loads at the endpoint level, as they may be an attempt to impact availability; such loads therefore do not have an impact in their own right, even if the User Interface is not checking the length. This is also combined with DDoS protection. We use AWS Web Application Firewall (WAF).
IFRAME injection | Protected by WAF.
/jscripts Directory Listing | The /jscripts folder is a public folder of JavaScript files and has directory listing enabled by design.
DMARC for Emails | We understand the value of DMARC and are in the process of adding it to the existing SPF DNS records - more ...


Layers

When reporting, you need to include the layer you are reporting on. Layer 2 apps built on top of the ibCom cloud services are not the responsibility of ibCom, except for our console app.

[Diagram: mydigitalstructure-protect-rewards-layers.jpg]


Payment

Payment is via PayPal or to an ADA wallet.  We do not do direct bank account transfers.

   
 

 

   