Responsible Disclosure Program

At Be Group, we take security seriously. If you have discovered a potential security vulnerability in our services, we encourage you to report it. Your responsible disclosure helps us ensure the safety and security of our users.

Please contact our security team directly at [email protected] with the following information:

  • A detailed description of the vulnerability, including steps to reproduce it
  • A PoC and any supporting materials, such as screenshots or logs
  • Your contact information for follow-up

We appreciate your efforts to help us protect our platform and users. We aim to respond to all reports within 48 hours and work quickly to address any valid security issues.

Thank you for your collaboration in maintaining a secure environment.

Out-of-Scope Vulnerabilities

  • Social engineering
  • Phishing attacks
  • Missing best practices in SSL/TLS configuration
  • Missing HTTP security headers with no significant security impact
  • Software version disclosure, banner identification issues, or descriptive error messages
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS)
  • Self-XSS
  • Lack of or insufficient CORS controls
  • Clickjacking on pages with no sensitive actions
  • Tabnabbing
  • Tapjacking
  • Missing email best practices (e.g., invalid, incomplete or missing SPF/DKIM/DMARC records)
  • Open redirects without demonstrable additional security impact
  • Content Spoofing or Text Injection
  • Private IP disclosure or leakage
  • Rate limiting
  • Vulnerabilities in third-party libraries without a specific security impact or lacking a working PoC
  • Reports from automated scripts or scanners
  • Lack of obfuscation
  • Lack of root/jailbreak detection
  • Attacks requiring MITM or physical access to a user’s device
  • Vulnerabilities requiring extensive user interaction