Please act in good faith towards our customer's privacy and data during your disclosure. Orangescrum requests that you don't post or share any information about a potential vulnerability publicly. Also, we respectfully ask that you do not post or share any data belonging to our customers. We will not take legal actions against individuals who act in good faith and responsibly disclose a security issue.
We always appreciate your taking the time to help us find and fix security issues.
We would like to thank the following individuals who helped Orangescrum realize and fix security issues.
If you think you've discovered an issue with Orangescrum security measures, please contact us at developer@orangescrum.com. Once we've received your message, we will investigate the issue. If you are interested in helping find the solution, let us know and we will involve you as much as we can.
NOTE: In your disclosure, please include the potential impact with screen-shot if possible, steps to reproduce the issue and page name. Also don't forget to mention your Name, Twitter/Facebook/LinkedIn/G+ ID
We appreciate and will try to publish your profile here; we donot provide any monetary compensation. Your help may save our customer!