Vulnerability Disclosure Policy - Square Outfitters

Vulnerability Disclosure Policy

Effective Date: March 01, 2026

1. Introduction

Square Outfitters is committed to protecting the security and privacy of our customers, partners, and systems. We value the contributions of security researchers in helping us identify and address potential vulnerabilities.

This policy outlines the guidelines for responsibly conducting vulnerability research and reporting findings to Square Outfitters.

2. Compliance

If you act in good faith and comply with this policy, Square Outfitters will not pursue legal action or refer your activities to law enforcement.

Any ambiguities will be resolved in favor of ethical and responsible research.

3. Requirements

  • Notify us promptly upon discovering a vulnerability
  • Avoid privacy violations, service disruption, and data loss
  • Only test to confirm the existence of a vulnerability
  • Do NOT access, modify, or delete data
  • Do NOT establish persistent access or pivot to other systems
  • Stop testing immediately if sensitive data is encountered and report it
  • Do not disclose vulnerabilities publicly without written consent

4. Prohibited Test Methods

  • Denial of Service (DoS/DDoS) or stress testing
  • Accessing accounts or data that do not belong to you
  • Sending spam or unsolicited messages
  • Social engineering or impersonation
  • Physical security testing (trespassing)
  • Uploading or distributing malicious software
  • Testing third-party systems not owned by Square Outfitters

5. Scope

This policy applies only to:

  • Square Outfitters website
  • Official web applications owned and operated by Square Outfitters
Out of Scope:
  • Internal systems and infrastructure
  • Third-party platforms or integrations
  • Cloud services not directly managed by Square Outfitters

If you believe a vulnerability exists outside this scope, please contact us before proceeding.

6. Reporting a Vulnerability

How to Report

Send reports to:
Reports may be submitted anonymously.

What to Include

  • Detailed description of the vulnerability
  • Steps to reproduce
  • Affected URLs or systems
  • Proof of concept (screenshots, scripts, etc.)

What You Can Expect

  • Acknowledgment within 5 business days
  • Follow-up for clarification if needed
  • Efforts to resolve the issue appropriately

Note: Square Outfitters does not offer a bug bounty or financial rewards.

7. Policy Updates

Square Outfitters may update or terminate this policy at any time. Please review periodically for changes.

8. Questions & Feedback

For any questions or suggestions, contact:

© 2026 Square Outfitters. All rights reserved.
Search
Search