Keep your business running through any disruption. Continuous replication and automated failover ensure industry-leading RPO/RTO across our Dubai, Fujairah, and Vienna data centers.
Security
Vulnerability Disclosure
Bamboozle Web Services is committed to keeping our customers and their data safe. We welcome responsible disclosure of security vulnerabilities from security researchers and the broader community. If you believe you have discovered a vulnerability in Bamboozle's systems, we ask you to tell us so we can address it promptly.
Scope
This policy applies to vulnerabilities discovered in:
- bamboozle.me and its subdomains
- cloudcontrol.bamboozle.me
- portal.bamboozle.me
- cyberprotect.bamboozle.me
- support.bamboozle.me
- Bamboozle's public APIs
- Bamboozle's network infrastructure and services
This policy does not cover vulnerabilities in third-party software or services used by Bamboozle where the vulnerability is the responsibility of the upstream vendor. It also does not cover resources belonging to Bamboozle customers hosted on our infrastructure.
How to report a vulnerability
Email your report to [email protected]. Please include:
- A clear description of the vulnerability and its potential impact
- The URL, IP address, or system affected
- Step-by-step instructions to reproduce the vulnerability
- Any proof-of-concept code, screenshots, or other supporting evidence
- Your contact details so we can follow up with you
For sensitive reports, you may request our PGP public key to encrypt your submission. Email [email protected] to request it.
What to expect from us
- Acknowledgement — we will acknowledge receipt of your report within 2 business days
- Assessment — we will assess the vulnerability and provide an initial response within 5 business days
- Updates — we will keep you informed of our progress as we investigate and remediate
- Resolution — we will notify you when the vulnerability has been resolved
Responsible disclosure guidelines
We ask that you:
- Give us a reasonable amount of time to investigate and remediate before disclosing publicly — we ask for a minimum of 90 days from your initial report
- Make a good faith effort to avoid violating the privacy of our customers, disrupting our services, or destroying data
- Only interact with accounts and resources you own or have explicit permission to test
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
- Do not use automated scanning tools against our infrastructure without prior authorization
Recognition
We genuinely appreciate the work of security researchers who help us improve the security of our platform. Researchers who responsibly disclose valid vulnerabilities will be acknowledged in our Security Hall of Fame with their permission. We do not currently operate a paid bug bounty program but plan to introduce one in the future.
Legal protections
Bamboozle Web Services will not pursue legal action against security researchers who discover and report vulnerabilities in good faith in accordance with this policy. We consider responsible security research to be a valuable contribution to the security of the internet and our customers.
Contact Us
To report a vulnerability, email [email protected]. For abuse reports, contact [email protected].