🛡️ Responsible disclosure
Security Policy
Helping keep the community safe through responsible disclosure and collaboration.
🔐
Report a Security Issue
If you discover a security vulnerability, please report it privately. Include steps to reproduce and any relevant logs or screenshots.
hello@planmycricket.com
What's In Scope
🔓
Authentication Bypasses
Unauthorized access to accounts or sessions
📂
Data Exposure
Unintended access to match data or user information
⚾
Scoring Integrity
Match tampering or score manipulation vulnerabilities
💉
Injection Attacks
SQL, XSS, or other code injection vulnerabilities
Testing Guidelines
✅
Do
- —Report issues privately to hello@planmycricket.com
- —Provide detailed reproduction steps
- —Allow reasonable time for fixes before disclosure
- —Use test accounts and dummy data
❌
Don't
- —Access or modify other users' real match data
- —Perform denial-of-service attacks
- —Test on live, public matches
- —Share vulnerabilities publicly before they're fixed
🏆
Recognition
Responsible disclosure helps everyone. Security researchers who follow these guidelines will be acknowledged (with permission) in our security hall of fame.