Your shopping cart is empty!
If you're a registered User who'd like to report fraud-related activity, account disputes, or spam, please contact the Administrator.
Our team works diligently to protect our customers and their information. We recognize the vital role that security researchers and our user community play in keeping Springcontacts.com and our Sellers and Customers secure. Please review the guidelines below, and if you discover a site or product vulnerability please notify us.
Springcontacts.com does NOT offer a formal compensation program for vulnerabilities that are disclosed. Any monetary rewards are at our discretion for distinct vulnerabilities or severe bugs.
We will thank you for new and interesting reports in our “Thanks” section of this page, however, providing a report does not guarantee a credit will be published. If you do submit a report, please be sure to include a phone number and/or an email address where we can reach you in case we need more information.
We take security issues seriously and will respond swiftly to fix verifiable security issues. Some aspects of our website and services are complex and may take time to update if an issue is identified. If we are properly notified of legitimate issues, we’ll do our best to acknowledge your report and assign appropriate resources to investigate the issue, and fix potential problems as quickly as possible.
We will evaluate each bounty report as they come in. Keep in mind that we may receive redundant reports for issues that are pending resolution. The main steps we follow are:
1. Determine if the issue has already been reported.
2. If the report is not a duplicate report, or immediately disqualified, testing will be performed to see if the issue can be recreated. If we can't recreate the issue, we may contact you for more information.
3. Our testing will seek to determine an actual security issue that needs to be resolved, vs. a functionality bug.
4. If your report is properly verified, we will contact you to let you know that we've validated the report, and advise you whether a formal Thanks or any monetary reward will be issued.
5. We'll start working on a resolution for the issue.
Certain vulnerabilities are considered valid bugs. Any identified bug or vulnerability must be in the main www.springcontacts.com site.
Systems we do not control, including links or redirects to third-party sites, or CDNs, are excluded from the scope of any bounty. In order for us to respond to your report:
1. You must be the first person to responsibly disclose the bug to us
2. You must have found the vulnerability yourself
3. You must follow responsible disclosure principles of giving us a reasonable time to address the issue before you make any information public.
We will review each issue submitted on a case-by-case basis, the following are some of the issues that typically do not meet the requirements of our bounty program:
We fully encourage responsible disclosure and strongly encourage anyone who is interested in researching and reporting security issues to observe the simple courtesies and protocols of responsible disclosure below.
Guidelines for responsible disclosure
This program is not open to minors, individuals or companies which are identified on sanctions lists, or located in countries on sanctions lists. You are responsible for any tax implications or liabilities. You must not violate any law, and you are responsible for any restrictions related to your country and local jurisdictional laws. You must not disrupt any service(s) or compromise anyone’s personal information or data.
We reserve the right to cancel parts of, or this entire program, at any time and the decision to pay a reward is entirely at our discretion.
We sincerely appreciate the efforts of users and security researchers to keep Springcontacts.com secure and safe. We appreciate your efforts! The list of people who have responsibly disclosed vulnerabilities to us in the past can be found below (in alphabetical order):
If you have any questions or need some help, we would be happy to assist.
Please contact us using the tools provided in the Support Center.