Burla welcomes good-faith security research and the responsible disclosure of vulnerabilities that may affect our systems, services, or users.
If you believe you have discovered a security vulnerability in Burla, please report it to:
Please include as much of the following as possible:
- a clear description of the issue
- steps to reproduce it
- the affected URL, endpoint, or service
- screenshots, logs, or proof of concept if helpful
- your contact information so we can follow up
If you submit a report in good faith and in line with this policy, Burla will:
- review the report promptly
- investigate legitimate issues
- work to remediate confirmed vulnerabilities in a reasonable timeframe
- communicate with you as appropriate during the review process
To keep research safe and responsible, please:
- act in good faith
- avoid privacy violations, destruction of data, and interruption of service
- only test against accounts and systems you own or are explicitly authorized to test
- stop testing and notify us immediately if you encounter customer data or other sensitive information
- give us a reasonable opportunity to investigate and address the issue before any public disclosure
Please do not:
- access, modify, or exfiltrate data that does not belong to you
- perform denial of service or stress testing
- use phishing, social engineering, spam, or physical attacks
- introduce malware, ransomware, or other malicious payloads
- exploit a vulnerability beyond what is reasonably necessary to confirm that it exists
This policy applies to Burla-owned public-facing applications, services, and infrastructure unless otherwise stated.
Third-party services, providers, and applications not owned by Burla are out of scope.
Burla will not pursue legal action against researchers for good-faith testing conducted in a manner consistent with this policy.
This safe harbor applies only to activities that:
- are intended solely to identify and report vulnerabilities
- avoid harm to Burla, its users, and third parties
- comply with all applicable laws and regulations
Burla does not currently offer a paid bug bounty program unless explicitly stated otherwise.
Please send vulnerability reports to: