search
Ctrlk
GitHubDiscordBook a callLog InTry it Now

Vulnerability Disclosure Program

Burla welcomes good-faith security research and the responsible disclosure of vulnerabilities that may affect our systems, services, or users.

If you believe you have discovered a security vulnerability in Burla, please report it to:

[email protected]

Please include as much of the following as possible:

  • a clear description of the issue

  • steps to reproduce it

  • the affected URL, endpoint, or service

  • screenshots, logs, or proof of concept if helpful

  • your contact information so we can follow up

hashtag
Our Commitment

If you submit a report in good faith and in line with this policy, Burla will:

  • review the report promptly

  • investigate legitimate issues

  • work to remediate confirmed vulnerabilities in a reasonable timeframe

  • communicate with you as appropriate during the review process

hashtag
Rules of Engagement

To keep research safe and responsible, please:

  • act in good faith

  • avoid privacy violations, destruction of data, and interruption of service

  • only test against accounts and systems you own or are explicitly authorized to test

  • stop testing and notify us immediately if you encounter customer data or other sensitive information

  • give us a reasonable opportunity to investigate and address the issue before any public disclosure

Please do not:

  • access, modify, or exfiltrate data that does not belong to you

  • perform denial of service or stress testing

  • use phishing, social engineering, spam, or physical attacks

  • introduce malware, ransomware, or other malicious payloads

  • exploit a vulnerability beyond what is reasonably necessary to confirm that it exists

hashtag
Scope

This policy applies to Burla-owned public-facing applications, services, and infrastructure unless otherwise stated.

Third-party services, providers, and applications not owned by Burla are out of scope.

hashtag
Safe Harbor

Burla will not pursue legal action against researchers for good-faith testing conducted in a manner consistent with this policy.

This safe harbor applies only to activities that:

  • are intended solely to identify and report vulnerabilities

  • avoid harm to Burla, its users, and third parties

  • comply with all applicable laws and regulations

hashtag
No Bug Bounty

Burla does not currently offer a paid bug bounty program unless explicitly stated otherwise.

hashtag
Reporting

Please send vulnerability reports to:

[email protected]

Last updated