Responsible Disclosure Policy

Min Doktor aims to keep its service safe for everyone, and data security is of utmost priority. If you are a security researcher and have discovered what might be a security vulnerability within our service, we appreciate your help in disclosing it to us in a responsible manner and welcome your assistance. Min Doktor will engage with security researchers when vulnerabilities are reported to us in accordance with this responsible disclosure policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against or suspend or terminate access to those who discover and report security vulnerabilities in accordance with this policy.

How to Participate

You may test only against your own account but we have a penetration testing environment and prefer if you use it. The information around this environment is found within our HackerOne profile. In no event are you permitted to access, download or modify data residing in any other account or that does not belong to you or attempt to do any of the foregoing. You are also prohibited from:

  • executing or attempting to execute any “Denial of Service” attack
  • knowingly posting, transmitting, uploading, linking to, sending, or storing any malicious software
  • testing in a manner that would result in the sending of unsolicited or unauthorized junk mail, spam, pyramid schemes, or other forms of duplicative or unsolicited messages
  • testing in a manner that would degrade the operation of the service
  • testing third party applications, websites, or services that integrate with or link to the service.

Reporting

We only accept bugs through our HackerOne program which is currently private. Only vulnerabilities submitted there will be eligible for a reward. We reward the first reporter with a clear written report containing a proof of concept.

Please email us at security@mindoktor.se with from email address associated with your HackerOne profile, and you will be added to our program. From there you can securely report any findings.

We look forward to your work and wish you happy hunting.