Bug tracker: closing security gaps
With our bug tracking system we support the reporting and quick elimination of security gaps (bugs) in our booking system.
Both individuals and organizations are invited to report the vulnerabilities of our system so we can fix them quickly and effectively.
If the rules indicated below are strictly adhered to, and the flaws are not used for fraudulent purposes, Very Viva Venice will take no legal action against the issue reporter.
How to notify a vulnerability
Contents to be preferred in the report
All the information necessary to identify the vulnerability must appear in the report.
a) the type of vulnerability
b) indication of the product / service concerned
c) a detailed description of the vulnerability found and of the system involved
d) a clear and in-depth description of the operations necessary to exploit the flaw. We recommend a step by step documentation
e) additional information screenshots, HTTP requests etc.
The collaboration between Very Viva Venice and the security community is governed by the following rules, which all parties are required to comply with.
1) The publication of the security flaw follows the principle of "responsible disclosure" (see below)
2) The recipient of the disclosure must exclusively be Very Viva Venice
3) None of the activities that allow the discovery of a security flaw infringes current relevant legislation.
A "responsible disclosure" must comply with the following criteria:
1) Very Viva Venice shall be given sufficient time, usually at least 90 days, to verify and resolve the vulnerability
2) The tests must not damage any of Very Viva Venice services and products .
3) Data may not be spied out or disclosed or forwarded to third parties, or damage our services and data. A DDoS / spam attack is not allowed.
4) The vulnerability may not be disclosed to third parties or exploited for other purposes
5) Claims related to the reporting of a vulnerability will not be considered.
REPORTING A BUG IS A WAY TO CONTRIBUTE TO THE SECURITY OF OUR PROJECT !!!
Do not be afraid to write to us, those who will read are people like many others, indeed, they are people who considers all these reports important!
Very Viva Venice Srl