Responsible Disclosure Program

At CocashCreators.Com, we take the security of our customers very seriously. If you have discovered or believe you have discovered potential security vulnerabilities in our website, we encourage you to disclose your discovery to us as quickly as possible in accordance with this Responsible Disclosure Program.

We will work with you to validate and respond to security vulnerabilities that you report to us. Because public disclosure of a security vulnerability could put our services at risk, we require that you keep such potential vulnerabilities confidential until we are able to address them. We will not take legal action against you or suspend or terminate your access to our website, provided that you discover and report security vulnerabilities in accordance with this Responsible Disclosure Program. Cocash Creators reserves all of its legal rights in the event of any noncompliance.

In no event shall your research and testing involve:

  1. Accessing, or attempting to access, accounts or data that do not belong to you or your Authorized Users,
  2. Any attempt to modify or destroy any data,
  3. Executing, or attempting to execute, a denial of service attack,
  4. Sending, or attempting to send, unsolicited or unauthorized email, spam or other forms of unsolicited messages,
  5. Testing third party websites, applications or services that integrate with CocashCreators.Com,
  6. Posting, transmitting, uploading, linking to, sending or storing malware, viruses or similar harmful software, or otherwise attempting to interrupt or degrade CocashCreators.Com, and
  7. Any activity that violates any applicable law.

The following is a partial list of issues that we ask you not to report, unless you believe there is an actual vulnerability:

  • CSRF on forms that are available to anonymous users
  • Disclosure of known public files or directories (e.g. robots.txt)
  • Domain Name System Security Extensions (DNSSEC) configuration suggestions
  • Banner disclosure on common/public services
  • HTTP/HTTPS/SSL/TLS security header configuration suggestions
  • Lack of Secure/HTTPOnly flags on non-sensitive cookies
  • Logout Cross-Site Request Forgery (logout CSRF)
  • Phishing or Social Engineering Techniques
  • Presence of application or web browser ‘autocomplete’ or ‘save password’ functionality
  • Sender Policy Framework (SPF) configuration suggestions

Reporting Security Vulnerabilities

If you believe you have discovered a security vulnerability issue, please share the details with us by emailing [email protected]

We will acknowledge receipt of your report within 2 business days, notify you when the vulnerability is fixed, and publicly acknowledge your responsible disclosure by mentioning your full name on our Hall of Fame.