Responsible Disclosure Policy

MAKAIO CREATIVE GROUP

INTRODUCTION

At MAKAIO CREATIVE GROUP, we take security vulnerabilities and concerns seriously. We encourage the community to report potential vulnerabilities and incidents privately and responsibly.

OUTLINED BELOW IS HOW MAKAIO CREATIVE GROUP HANDLES POTENTIAL VULNERABILITY DISCLOSURES AND WHAT TO EXPECT WHEN MAKING A DISCLOSURE.

Our goal is to address reported legitimate issues as quickly and efficiently as possible. However, handling disclosed issues may not always be straightforward. While some issues can be quickly analyzed and resolved, others may be more complex or have a broader impact, requiring careful behind-the-scenes work.

RESPONSIBLE DISCLOSURE PROCESS

Throughout the reporting process, we are committed to keeping all information confidential and working with the disclosing entity to understand and address the issue properly. We request that:

  • You act in good faith and identify bona fide issues.

  • You avoid attempting to compromise accounts or data.

  • You refrain from attempting to interrupt or degrade our services or impact the stability of the platform (e.g., Denial of Service attacks).

  • Issues be disclosed to us privately, allowing us reasonable time to respond.

  • You avoid disclosing any information publicly until we have had the opportunity to understand the impact and mitigate potential risks.

When issues are reported to us, we strive to acknowledge the report promptly and investigate the matter without delay.

REPORTING

Please provide the following information if possible:

  • Exact reproduction steps, in text format only.

  • URL and parameters demonstrating the vulnerability (if applicable).

  • Any relevant details of your system's configuration.

  • Your IP address and MAKAIO CREATIVE GROUP account, for matching with our logs.

Please refrain from sending any executable attachments. If you need to share sensitive information, please submit a form here, and we will coordinate an encrypted transfer.

EXCLUSIONS

The following is a non-exhaustive list of examples not considered valid issues:

  • User or account enumeration.

  • Best practices configurations/policies (e.g., DMARC, SPF Records).

  • A POC dependent on executing a man-in-the-middle (MITM) attack.

  • Email spoofing.

  • Clickjacking or similar techniques.

Note that these are just a few common examples. MAKAIO CREATIVE GROUP reserves the right to determine what constitutes a valid submission.

At this time, MAKAIO CREATIVE GROUP does not operate a public bug bounty program and, therefore, does not offer monetary rewards.

Thank You

We appreciate your responsible disclosure of vulnerabilities and concerns. We respect the security researchers' community and value the efforts made to disclose responsibly.