Baymaster is providing this service to help ensure a safe and secure environment for all users.
If external parties find any sensitive information, potential vulnerabilities, or weaknesses, please help by responsibly disclosing it to ResponsibleDisclosure@fullsteam.com.
This policy applies to Baymaster hosted applications and to any other subdomains or services associated with products. Baymaster does not accept reports for vulnerabilities which solely affect marketing websites (bay-master.com), containing no sensitive data.
Security researchers must not:
- engage in physical testing of facilities or resources,
- engage in social engineering,
- send unsolicited electronic mail to Baymaster users, including “phishing” messages,
- execute or attempt to execute “Denial of Service” or “Resource Exhaustion” attacks,
- introduce malicious software,
- execute automated scans or tools that could disrupt services, such as password guessing attacks, or be perceived as an attack by intrusion detection/prevention systems,
- test in a manner which could degrade the operation of Baymaster systems; or intentionally impair, disrupt, or disable Baymaster systems,
- test third-party applications, websites, or services that integrate with or link to or from Baymaster systems,
- delete, alter, share, retain, or destroy Baymaster data, or render Baymaster data inaccessible, or,
- use an exploit to exfiltrate data, establish command line access, establish a persistent presence on Baymaster systems, or “pivot” to other Baymaster systems.
Security researchers may:
- View or store Baymaster nonpublic data only to the extent necessary to document the presence of a potential vulnerability.
Security researchers must:
- cease testing and notify us immediately upon discovery of a vulnerability,
- cease testing and notify us immediately upon discovery of an exposure of nonpublic data, and,
- purge any stored Baymaster nonpublic data upon reporting a vulnerability.
Thank you for helping to keep Baymaster and our users safe!
