Security
How to report a security issue and what we promise in return.
Reporting a vulnerability
Email security@wosbotpro.com with reproduction steps and any proof-of-concept. PGP key fingerprint on request.
We respond within 3 business days, fix or mitigate within 90 days, and credit you in the public release notes if you wish.
In-scope
- wosbotpro.com and dev.wosbotpro.com
- Supabase Edge Functions exposed under *.supabase.co/functions/v1/*
- The signed Windows installer and the running desktop application
Out of scope
- Denial-of-service or volumetric attacks
- Issues requiring physical access to a victim's machine
- Vulnerabilities in third-party services we use (report directly to that vendor)
- Self-XSS, missing security headers without a working PoC, theoretical-only findings
- Game-side detection or anti-cheat questions (not our infrastructure)
Safe harbor
We will not pursue legal action against researchers acting in good faith and within this policy. Make a reasonable effort to avoid data loss, service degradation, and privacy violations during testing. Use your own test accounts.
Bounties
We do not offer cash bounties at this time. We do offer free subscription credit and public acknowledgment, sized to the severity of the finding.