Security Policy
Reporting a Vulnerability
Thank you for working with SimplePrints to help ensure we can provide a timely response to security issues with our products. To help ensure that we have enough information to properly evaluate a potential issue, we ask that you include the following information in your report:
- A description of the issue explaining the vulnerability, including the impact to the user(s) or system. This should clearly describe how the issue crosses privilege boundaries.
- The affected resource (i.e., SimplePrints iOS, SimplePrints Android, or our website), the software version, and the platform you are using.
- A proof-of-concept or functional exploit that demonstrates the issue. If a proof-of-concept is not available, please include any relevant logs generated from your testing.
- Any caveats or conditions required to exploit the issue. Indicate if there are any non-default system settings, custom configurations, required user interaction, or anything else that would limit the attack.
- Please note that potential vulnerabilities that do not by themselves expose a service or application to attack are not considered valid issues.
- Please send your report to hello@simpleprints.com with the words "security report" in the subject line. Once we receive your report, SimplePrints will stay in touch with you to provide updates on our investigation and status of a fix for verified issues. During this time we might also request additional information.