Report Security Issues

Brand: Doristino · Last updated:

If you discover a security vulnerability on doristino.com, please notify us immediately. We take security seriously and will investigate all legitimate reports to resolve issues promptly. Before submitting a report, please read this document for our responsible disclosure guidelines, bounty program, and reward criteria.

Fundamentals

If you follow these principles when reporting a security issue to us, we will not pursue legal action against you in response to your report:

  • Give us reasonable time to review and fix the issue before disclosing it publicly.
  • Do not access or modify any private account without explicit permission from the account owner.
  • Make a good-faith effort to avoid privacy violations, service disruptions, or data destruction.
  • Do not exploit the vulnerability for any purpose, including attempting to access sensitive company data or discovering additional issues without authorization.
  • Do not violate any applicable laws or regulations.

Bounty Program

We value security researchers who help us protect our users by reporting vulnerabilities. Monetary rewards are granted at our discretion, based on severity, risk, and impact. To qualify for a bounty, you must:

  1. Follow the fundamentals listed above.
  2. Report a valid security vulnerability that poses a risk to our platform or user data.
  3. Submit your report through our designated security contact channel. Please do not contact individual employees.
  4. If you accidentally cause a privacy violation or disruption during testing, disclose it fully in your report.
  5. Understand that we prioritize reports based on risk and impact; responses may take time.
  6. Accept that we reserve the right to publish non-sensitive details of validated reports.

Reward Guidelines

Rewards are based on the impact and exploitability of the reported vulnerability:

  • Critical Severity (up to $200): Remote Code Execution, SQL Injection leaking targeted data, full account access, privilege escalation from user to admin, financial theft.
  • High Severity (up to $100): Stored XSS affecting another user, local file inclusion, insecure handling of authentication cookies, lateral authentication bypass.
  • Medium Severity (up to $50): Logic flaws, insecure direct object references, business process defects.
  • Low Severity: Open redirects, reflected XSS, low-sensitivity information leaks.

Notes: Only the first fully reproducible report of a given issue will be eligible for a bounty. Multiple vulnerabilities from the same root cause may receive a single bounty.

Report Submission

When submitting a security report, include:

  • Detailed description of the issue and potential impact.
  • Steps to reproduce the vulnerability.
  • Any relevant screenshots, code snippets, or proof-of-concept.
  • Browser, OS, or environment details if applicable.

Contact

Email (24/7): doristinostore@gmail.com
Address: 7282 Plantation Rd, Pensacola, FL 32504 United States