Security Policy

1️⃣ Scope & Purpose

At Firstpoint, we take security seriously and encourage security researchers to report vulnerabilities responsibly. This policy outlines the process for reporting security issues, our response times, and guidelines for ethical security research.

This policy applies to:
- Security researchers
- Ethical hackers
- Individuals reporting security vulnerabilities in our systems

---

2️⃣ Responsible Disclosure Policy

We welcome vulnerability reports that help us improve the security of our systems. Please follow these guidelines when reporting:
- How to report: Security vulnerabilities should be reported via email to: 📩 security@firstpoint.com.tr We do not have a bug bounty program.
- Encryption requirement: PGP encryption is not required, but researchers may use it at their discretion.
- Response time: We aim to acknowledge vulnerability reports within two weeks.
- Remediation timeline:
  - Critical vulnerabilities: Immediate action will be taken.
  - Non-critical issues: Addressed based on priority and impact.

---

3️⃣ Rules & Guidelines

To ensure a responsible disclosure process, security researchers must adhere to the following guidelines:

✅ Allowed activities:
- Conduct non-destructive security testing.
- Use responsible disclosure methods without harming users or systems.

🚫 Prohibited activities:
- Do not access, modify, or delete user data.
- Do not perform Denial-of-Service (DoS), phishing, or social engineering attacks.
- Do not cause intentional disruption of services.

📢 Public disclosure:
- Vulnerabilities must not be disclosed publicly without our approval.
- If the reported issue affects one of our partner companies, we will help connect the researcher to the relevant bug bounty program.

---

4️⃣ Legal Considerations

We appreciate ethical security research and will not take legal action against researchers acting in good faith, as long as they follow this policy.

However, researchers must:
- Respect privacy laws and avoid accessing personal data.
- Avoid intentionally disrupting our services or causing outages.
- Comply with applicable laws and regulations during security testing.

Failure to comply with these rules may result in legal consequences.

---

5️⃣ Contact Information

To report a security vulnerability, please use the following contact details:

📩 Email: security@firstpoint.com.tr
🔗 Security Policy URL: https://firstpoint.com.tr/security-policy

We do not have a Hall of Fame or bug bounty program, but if a vulnerability affects one of our partner companies, we will facilitate communication so that researchers may benefit from their respective programs.

---

Thank You!

We appreciate the efforts of security researchers in keeping our systems secure. 🚀🔐