BaRRiL takes responsibility for all aspects relating to the transaction including sale of goods and services sold on this website, customer service and support, dispute resolution and delivery of goods.When security vulnerabilities are reported to us in compliance with this policy, BaRRiL will validate and fix such vulnerabilities as soon as reasonably possible, in line with our commitment to the privacy, safety and security of our customers. We will not take legal action against you or terminate your access to the Service if you discover and report security vulnerabilities responsibly in compliance with this policy. BaRRiL reserves all of its legal rights in the event of any noncompliance with this policy.
If you are looking to report another type of issue, which falls outside of the scope of this policy, for example if you are a current customer and you suspect fraudulent activity or suspect that your account may have been compromised, please contact our support team here. Your issue will be investigated immediately and thoroughly.
Reporting a Security Vulnerability
If you think that you have found a security vulnerability in our Website or Service, please contact us immediately via firstname.lastname@example.org. When reporting a security vulnerability, you must do the following:
- Include as much information as possible in your report, as we require a way to reproduce the security vulnerability in order to validate and fix it. “Proof-of-Concept” programs, tools, or test accounts that you’ve created are welcome, and the following information is required:
- the URL where the vulnerability occurs;
- if applicable, the parameter where the vulnerability occurs;
- the type of the vulnerability;
- a step-by-step instruction how to reproduce the vulnerability;
- a demonstration of the vulnerability, by screenshots or video; and
- if applicable, an attack scenario (an example attack scenario may help demonstrate the risk and get the issue resolved faster).
- Do not share your findings with anyone until BaRRiL has had adequate time to investigate and deploy a fix. We will notify you when the security vulnerability has been patched.
- Consider telling us how to identify you.
We’re particularly interested in:
- XSS attacks
- SQL injection
- Remote code execution
- Circumventing permission limitations
- CSRF attacks
At BaRRiL, we welcome “white hat” security researchers, and appreciate your research and proactive responsible disclosure. Please note however that BaRRiL does not permit you to do any of the following:
- access, modify or destroy a BaRRiL customer’s account or data;
- interrupt or degrade our Service;
- execute a “Denial of Service” attack;
- post, transmit, upload, link to, send or store any malicious software;
- send any unsolicited or unauthorized mail or messages;
- violate any applicable law;
- perform any testing that would result in any of the above; or
- attempt to do any of the above.
Contravening this policy in any way may result in us suspending or terminating your access to the Service, contacting the relevant authorities and/or pursuing any other remedies we have at law.
If you identify a security vulnerability in compliance with this policy, BaRRiL commits to:
- acknowledging receipt of your vulnerability report in a timely manner;
- confirming the validity of your report; and
- notifying you when the vulnerability is fixed.
We will unfortunately not offer any monetary rewards.