EskomSePush Logo - South Africa's Leading Loadshedding App

Security Policy

Effective: 30 August 2023

Introduction

At wellwellwell investments (Pty) Ltd, we take the security of our website and mobile application seriously. This policy outlines our approach to handling security vulnerabilities reported by external security researchers.

Vulnerability Reporting

We welcome the help of security researchers to identify and mitigate potential vulnerabilities in our systems. If you discover a security issue, please follow the responsible disclosure process outlined below.

Responsible Disclosure Process

Reporting Vulnerabilities

If you identify a security vulnerability in our website or mobile application, we appreciate your responsible disclosure. Please provide the details of the vulnerability to us via email at the address specified in our security.txt file.

Bug Bounties

We do not currently offer bug bounties or financial rewards for vulnerability submissions.

Acknowledgment and Thanks

While we do not provide monetary compensation, we do value the contributions of security researchers. Upon verification and resolution of a reported vulnerability, we will express our gratitude by acknowledging your efforts on our company letterhead. If you're interested in this recognition, please let us know when reporting the vulnerability. If you're interested in public and linkable recognition we can add details to the Security Acknowledgements.

Communication

After you report a vulnerability, we will acknowledge the receipt of your report within 10 business days. Our security team will then evaluate the vulnerability and communicate with you regarding its severity, potential impact, and our intended course of action.

Resolution and Disclosure

We are committed to addressing reported vulnerabilities in a timely manner. Once a vulnerability is fixed, we will work with you to ensure that the details can be disclosed responsibly, allowing sufficient time for users to update their systems.

Confidentiality

We ask that you keep any information related to the reported vulnerability confidential until we have resolved the issue and agreed upon a suitable disclosure timeline.

Scope

This policy applies only to our official website and mobile application. Any other systems, services, or third-party applications are out of scope for this policy.

By submitting a vulnerability report, you agree to follow this security policy and act in good faith. We will not take legal action against individuals who report vulnerabilities responsibly and in accordance with this policy.

Thank you for your commitment to improving the security of our website and mobile application. Your assistance is crucial in helping us maintain a safe online environment for our users.