SlapFive Security Vulnerability Disclosure Program
Last Updated: June 28, 2025
At SlapFive, we are committed to ensuring the security of our platform and protecting our customers’ data. We value the contributions of security researchers and the broader security community in helping us maintain a secure environment. Our Vulnerability Disclosure Program is designed to encourage the responsible reporting of potential security vulnerabilities.
If you believe you have discovered a security vulnerability in a SlapFive product, we encourage you to report it to us as soon as possible. We are committed to working with you to understand and resolve the issue quickly.
Scope
This program applies to security vulnerabilities found in the following SlapFive-owned and operated domains and services:
- app.slapfive.com
Any domain or service not explicitly listed above is considered out of scope. This includes any third-party services or integrations used by SlapFive.
Types of Vulnerabilities We Are Interested In
We are particularly interested in, but not limited to, the following types of vulnerabilities:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- SQL Injection (SQLi)
- Server-Side Request Forgery (SSRF)
- Remote Code Execution (RCE)
- Authentication or Authorization Flaws
- Insecure Direct Object References (IDOR)
- Significant security misconfigurations
Out of Scope Vulnerabilities
The following issues are generally considered out of scope:
- Findings from physical testing such as office access (e.g., open doors, tailgating).
- Social engineering of SlapFive employees or contractors.
- Denial of Service (DoS or DDoS) vulnerabilities.
- Spam or phishing-related issues.
- Vulnerabilities in third-party applications or services that integrate with SlapFive.
- Missing security headers that do not directly lead to a vulnerability.
- Reports of insecure SSL/TLS ciphers or protocol versions.
- Self-XSS that cannot be used to exploit other users.
How to Report a Vulnerability
To report a security vulnerability, please send an email to security@slapfive.com with the subject line “Security Vulnerability Report”.
Please include the following information in your report:
- A clear description of the vulnerability: Explain the nature of the vulnerability and its potential impact.
- Steps to reproduce: Provide detailed instructions on how to reproduce the vulnerability. This may include URLs, screenshots, and code snippets.
- Your contact information: Your name and a way to contact you.
What to Expect After Reporting
- We will acknowledge receipt of your report within 2 business days.
- We will investigate the vulnerability and may contact you for more information.
- We will take appropriate action to remediate the vulnerability in a timely manner.
- We will notify you when the vulnerability has been resolved.
Rewards and Recognition
While SlapFive does not currently offer monetary rewards for vulnerability disclosures, we believe in recognizing the efforts of security researchers who help us keep our platform secure. With your permission, we would be happy to publicly acknowledge your contribution on a dedicated Hall of Fame page on our website after the vulnerability has been remediated.
We thank you for your help in keeping SlapFive and our customers safe. We appreciate your efforts and responsible disclosure.