Security at Lvna Capital
Lvna Capital takes the security of the platform and of its users very seriously. We recognize the important role of external security researchers and developers in helping keep our community safe. As with most security programs, we ask that you use common sense when looking for security bugs. Vulnerabilities must be disclosed to us privately with reasonable time to respond, and avoid compromise of other users and accounts, or loss of funds that are not your own. We do not take kindly to denial of service, spam, or social engineering vulnerabilities. If you believe that you have found a security vulnerability please do not create an issue or file a pull request on GitHub. You may reach the security team at security-research [at] lvnacapital [dot] com (optionally using our PGP key) under the same responsible disclosure terms outlined above.
When conducting vulnerability research according to this policy, we consider this research to be:
- Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
- Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
- Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
- Lawful, helpful to the overall security of the Internet, and conducted in good faith.
- You are expected, as always, to comply with all applicable laws.
Questions and Concerns
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please inquire via vrp-support [at] lvnacapital [dot] com before proceeding any further.
Hall of Fame
No vulnerabilities reported...yet.