At Vimro, the security of our systems, our website, and our customers’ data is our highest priority. We value the role that independent security researchers and our user community play in helping us maintain a secure environment.
If you believe you have found a security vulnerability on vimro.store, we encourage you to report it to us immediately.
1. How to Report a Vulnerability
If you have discovered a potential security issue, please email our team directly at support@vimro.store.
To help us understand and resolve the issue quickly, please include the following in your email:
- Subject Line: Please use the subject line “Security Vulnerability Report – [Brief description of issue]”.
- Description: A detailed description of the vulnerability, including the specific URLs or endpoints affected.
- Steps to Reproduce: Clear, step-by-step instructions on how to reproduce the issue (screenshots or video recordings are highly appreciated).
- Potential Impact: Your assessment of what an attacker could achieve using this vulnerability.
2. Rules of Engagement
We request that you conduct your security research responsibly. By participating in our vulnerability disclosure program, you agree to the following guidelines:
- No Destructive Actions: Do not perform any actions that could harm Vimro, our systems, or our customers. This includes, but is not limited to, deleting data, modifying data, or taking down our services (e.g., DDoS attacks).
- Protect User Data: You must not access, download, or alter the personal data or payment information of any Vimro customers. If you encounter user data during your research, you must stop immediately and report the vulnerability.
- No Public Disclosure: We ask that you keep your findings strictly confidential and do not share them publicly or with third parties until we have had a reasonable amount of time to investigate and patch the vulnerability.
- No Social Engineering: Do not attempt phishing, spamming, or social engineering against our employees, contractors, or customers.
3. Our Commitment to You
When you submit a vulnerability report in good faith, Virmo LLC commits to the following:
- We will acknowledge receipt of your report within 3 to 5 business days.
- We will thoroughly investigate the issue and provide you with updates on our progress as we work toward a resolution.
- We will not pursue legal action against you or ask law enforcement to investigate your activities, provided you have strictly adhered to the Rules of Engagement outlined above.
4. Compensation and Bug Bounties
At this time, Virmo LLC does not operate a paid bug bounty program. We do not offer financial compensation for reporting security vulnerabilities. We will, however, be deeply grateful for your efforts in helping us keep our community safe.
Contact Us
For all security-related reports and inquiries, please contact:
Company Name: Vimro
Address: 187 Frost St, Brooklyn, New York, 11211, United States
Phone: +1 929-782-9239
Email: support@vimro.store
Hours of Operation: Monday to Friday — 8:00 AM to 7:00 PM PST