Vulnerability Disclosure Policy

Pine Labs Vulnerability Disclosure Policy

(Pine Labs Private Limited and its affiliates ("Pine Labs”))

Pine Labs is committed to ensuring the security of our customers' data and the reliability of our products and services. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and its reporting. This Policy is applicable on www.pinelabs.my.

Legal Safe Harbor

  • Pine Labs will pursue legal action against security researchers only if they fail to comply with this policy during their research activities or indulge in any actions in violation of applicable law.
  • Should legal action be initiated by a third party against a researcher, and the researcher has been compliant with this policy, Pine Labs will take the necessary measures to make it known that the researcher's activities are authorized.

Restricted Actions

This section lists actions that are not authorized. Performing any of them will constitute a violation of this policy, which decision will be at the sole discretion of Pine Labs:

  • Breach of any applicable laws/regulatory guidelines in connection to, and leading up to your report.
  • Denial of Service (DoS) or other actions that degrade, damage, or interrupt Pine Labs services.
  • Exploitation of any vulnerabilities found.
  • Social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks.
  • Testing physical security of any property, building, plant or factory of Pine Labs.
  • Leak/modify/destroy/misuse/abuse any user data or system files.

Reporting

The preferred method for contacting Pine Labs regarding security vulnerabilities is by using the form present on this page.

Pine Labs highly appreciates the efforts made by the reporting party in identifying the vulnerability or error.
Reporting of such vulnerabilities and errors will contribute to improving the security and reliability of our product and services.

By submitting a report, you expressly agree to the following terms:

  • You assign all use and ownership rights of the report to Pine Labs and shall not claim any right of ownership on the same.
  • Your actions and interactions with Pine Labs leading up to the report is not in violation of any applicable laws or third party rights.
  • Your report is your original work and not copied or duplicated from any other party.
  • You have no intention of harming Pine Labs or bringing disrepute to Pine Labs, its customers, employees, partners, vendors or suppliers.
  • You agree to not disclose any information about the report and vulnerability described within, and the fact that you submitted a report to Pine Labs.
  • You agree that the report is made out of goodwill, and is done without any expectations of rewards, monetary or otherwise, from Pine Labs.

Contact Information

Supplying your contact information with your report is entirely voluntary and at your discretion. This does not guarantee that you will receive any responses from Pine Labs regarding your report. Pine Labs may contact you regarding the contents of the report at its own discretion.

Click to report a Vulnerability