Dwellsy has a goal to prevent fraud in all forms, and have chosen to focus a Zero Fraud initiative to combating the various forms of fraud that are typically found in the real estate marketplace. To that end, we appreciate the work of security researchers, analysts, and hackers who would contribute their time and energy in notifying us of potential vulnerabilities in our products and services, as it helps to keep our customers safe and better protected from the sorts of harms common in the marketplace.
You can report any security vulnerabilities or flaws that you have found on any of our products or services. Common examples include XSS scripting vulnerabilities, naive logic errors, or remote privilege escalations. We are happy to hear from you regarding any errors you encounter, but if you're inquiring about what is rewardable, the following matters would be considered out of scope:
Vulnerabilities should be disclosed to us via our FlowCrypt contact page. Take not of our https://flowcrypt.com/pub/dwellsysecurity
We will endeavor to respond and confirm receipt of the error as soon as we possibly can. Once we have looked into the issue and confirmed it, we will update you on the confirmation of the issue and discuss severity and payment.
Please do not exploit vulnerabilities that have been found
Please do not modify information on our systems
Please do not affect the deliverability of Dwellsy service to its customers through denial of service attacks or rate limiting bypasses
Please allow us a chance to respond before full disclosure.
Please acknowledge that despite doing rather big things, Dwellsy is still a really small team that is doing our best, and protecting our customers' sensitive information is very important to us.
Yes, we're happy to accept anonymous reports, but it makes it hard for us to respond without some voluntarily provided information. That said, we are more than happy to oblige to keeping your identity as anonymous to others as you like. Or if you prefer, we're happy to award very public certificates of our appreciation. Your identity is yours to disclose, and a request to keep your identity between us will be honored.
If you are reporting vulnerabilities to us anonymously, please make sure to provide a way to reach you and know that we will not disclose that information without your express permission.