Your security as a customer and the trust you have reposed on us is important to us.
It is why we diligently try to make our web hosting platform as safe and secure as possible for you.
But we also do understand that it takes a village to raise a great kid.
It is why we appreciate the work of security researchers who are doing their best to make the Internet a better place.
It is with this in mind that we have developed this program to make it easier for security researchers such you to report vulnerabilities that could impact our platform.
If you believe you have found a security vulnerability that could impact OCS Hosting & Domain Services or our users, we encourage you to let us know right away.
We will investigate all legitimate reports and do our best to quickly fix the problem.
SCOPE
- 1. the program is limited to ordercloudserver.com web properties.
- 2. customers of ordercloudserver.com, or non ordercloudserver.com sites in-front or behind our infrastructure are out of scope.
- 3. submissions that are specifically detailing a "best practice" are out of scope unless they are exploitable in mass.
EXAMPLE: Missing SPF records or other email mis-configuration is not a reportable issue unless you can demonstrate that this missing record or mis-configuration allows you to successfully do something with significant impact.
If you are a customer and have a password or account issue, please visit submit ticket URL to submit a ticket.
ELIGIBILITY and DISCLOSURE
In order for your submission to be eligible, you must be the first person to responsibly disclose an unknown issue.
If yours is a legitimate report, it will be reviewed and assessed by OCS Hosting & Domain Services security team to determine if it is eligible.
Due to the Children's Online Privacy Protection Act (COPPA) and as mentioned in our Privacy Policy, OCS Hosting & Domain Services website and services are not intended for, or designed to attract, individuals under the age of 13.
Reporters under the legal age of of the country where they reside will not be eligible to receive OCS Hosting & Domain Services rewards unless a verifiable letter from a legal custodian is submitted.
REWARDS
For each eligible vulnerability report, the reporter will receive:
- 1. recognition on our Hall of Fame.
- 2. a limited edition OCS bug hunter t-shirt. OCS Hosting & Domain Services employees don't even have this shirt. It's only for you all. Wear it with pride: you're part of an exclusive group.
- 3. 90 days of OCS Hosting & Domain Services SOLO hosting package is on us.
Please note that monetary compensation is not currently offered under this program.
EXCLUSIONS
The following conditions are out of scope for the vulnerability disclosure program.
Any of the activities below will result in disqualification from the program permanently.
- 1. physical attacks against OCS Hosting & Domain Services employees, offices, and data centers.
- 2. social engineering of OCS Hosting & Domain Services employees, contractors, vendors, or service providers.
- 3. knowingly posting, transmitting, uploading, linking to, or sending any malware.
- 4. pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
- 5. any vulnerability obtained through the compromise of a OCS Hosting & Domain Services customer or employee accounts.
- 6. being an individual on, or residing in any country on, any U.S. sanctions lists.