Security Policy

Responsible Disclosure Guidelines

True Blue Review Pty Ltd takes the security of our systems and our customers' data seriously. We appreciate the work of security researchers who help us identify and address vulnerabilities responsibly.
What to Report

We welcome reports of security vulnerabilities including:

  • Authentication and authorisation bypasses
  • Data exposure or leakage vulnerabilities
  • Cross-site scripting (XSS) vulnerabilities
  • SQL injection or other injection attacks
  • Cross-site request forgery (CSRF)
  • Server-side request forgery (SSRF)
  • Remote code execution
  • Privilege escalation
  • Sensitive data in logs or error messages
  • Insecure direct object references

What NOT to Do

When researching vulnerabilities, please do not:

  • Perform denial of service (DoS/DDoS) attacks
  • Access, modify, or delete data belonging to other users
  • Exfiltrate any data, including customer or patient information
  • Use automated scanning tools that generate excessive traffic
  • Attempt social engineering attacks against our staff
  • Physically access our offices or data centres
  • Publicly disclose vulnerabilities before they are resolved
  • Exploit vulnerabilities beyond what is necessary to demonstrate the issue

How to Report

Please send your security reports to:

Email: contact@truebluereview.com

Include the following in your report:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any proof-of-concept code or screenshots
  • Your contact information for follow-up

Our Commitment

When you report a security vulnerability to us, we commit to:

  • Acknowledge receipt of your report within 72 hours
  • Investigate the reported vulnerability promptly
  • Keep you informed of our progress in addressing the issue
  • Not take legal action against researchers who follow these guidelines
  • Credit you for the discovery (if desired) once the issue is resolved

Scope

This policy applies to the following domains and services:

  • truebluereview.com
  • *.truebluereview.com

Third-party services integrated with our platform are out of scope. Please report issues with those services directly to their respective providers.
Contact

True Blue Review Pty Ltd

Email: contact@truebluereview.com