Vulnerability Disclosure
Found something? Tell us.
We welcome responsible security research. Report issues to security@coshine.com — we will acknowledge within 1 business day and triage within 5.
Scope
- *.coshine.com web properties
- Coshine production APIs (api.coshine.com)
- Out of scope: third-party SaaS we use, social-engineering, physical attacks, denial-of-service
What we ask of you
- Do not access, modify or destroy data that isn't yours
- Do not run automated scanners against production unless agreed
- Give us reasonable time to fix before public disclosure
- Provide enough detail to reproduce
Safe harbour
Good-faith research within the scope above will not result in legal action against you.