Vulnerability Disclosure Policy

We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of all Dokobit users.

Rewards

While this program does not offer direct monetary rewards, researchers who report previously unknown vulnerabilities that lead to a code or configuration change may be invited to our invite-only bug bounty program, where they can receive both recognition and financial bounties for further contributions.

Scope

• Dokobit Document Signing Portal – https://app.dokobit.com
• Dokobit API sandboxes – https://developers.dokobit.com, https://gateway-sandbox.dokobit.com, https://id-sandbox.dokobit.com
• Dokobit Portal API – https://app.dokobit.com/api
• Dokobit Gateway – https://gateway.dokobit.com
• Dokobit Identity Gateway https://id.dokobit.com
• Dokobit E-Signing and E-Identification API – https://ws.dokobit.com
• Dokobit Authentication – https://auth.dokobit.com

Reporting

Vulnerability reports are handled by a third-party partner, Intigriti (www.intigriti.com). Detailed information about the report eligibility and responsible disclosure can be found at https://app.intigriti.com/programs/signicat/signicatresponsibledisclosure/detail

Guidelines

We will not pursue civil action or initiate a complaint to law enforcement for accidental, good-faith violations of this policy. To the extent your activities are inconsistent with certain restrictions in our Acceptable Use Policy (https://www.dokobit.com/compliance/acceptable-use-policy), we waive those restrictions for the limited purpose of permitting security research under this policy.