Responsible Vulnerability Disclosure

How to Report a Vulnerability

Email: Send an email with details of the potential vulnerability to security@mergerwaterfall.com. Please use a descriptive subject line and include the following information:

  1. 1. Description of the vulnerability
  2. 2. Steps to reproduce the issue
  3. 3. Any proof of concept or supporting materials
  4. 4. Your name/handle and contact information (for recognition purposes)

Our Commitment

  • • We will acknowledge receipt of your report within 3 business days.
  • • We will investigate all legitimate reports and do our best to quickly resolve any verified vulnerabilities.
  • • We will keep you informed of our progress in resolving the issue.
  • • We will extend our thanks and recognition to researchers who report valid security vulnerabilities, while respecting anonymity if desired.

Safe Harbor

We encourage security research on our systems and will not initiate legal action against researchers who:

  • • Make a good-faith effort to comply with this policy
  • • Do not attempt to gain access to data beyond what is necessary for the purpose of identifying and reporting the vulnerability
  • • Do not engage in any malicious activity or cause intentional damage
  • • We appreciate your help in keeping our systems secure. Thank you for your responsible disclosure of any vulnerabilities you may find.