The Vulnerability
Disclosure Program

Security is important to us at Tamara. We constantly strive to ensure our customers feel safe and secure using our services. If you believe you have discovered a potential security vulnerability on any of our Tamara domains, report your findings to us so we can fix it as soon as possible - and earn rewards!

Reporting your findings:

We will get back to you within 14 business days after receiving the submission. You will be notified via email, SMS, or push notification.

Our Bug Bounty Program is temporarily closed. Please reach out to us at b64_d('c2VjdXJpdHlAdGFtYXJhLmNvCg==')

Expectations

• Please provide a clear, concise description, along with steps to reproduce, Proof-of-Concept, URL, and details of the vulnerable system when submitting a vulnerability.

• Please give us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. Depending on the severity of the issue, it may take us a few days to get back to you with feedback.

Out-of-scopes techniques

• Denial of Service or brute force attacks unless they expose confidential data.

• Spam or social engineering techniques conducted on any Tamara employee, vendor or contractor.

• Vulnerabilities only affecting users of outdated or unpatched browsers and platforms.

• Password policy, Absence SPF/DMARC, Missing Security Header, Self-XSS, Login/Logout CSRF, Lacking CSRF (unless affecting sensitive user action).