Details
This is Version 2.1 of our Security Policy, last revised on 14th April 2025. | Slight changes
NetVibes is committed to fostering open and unrestricted communication, safeguarding user rights to freedom of expression. Platform security and stability are paramount to achieving this objective. Our dedicated security team is prepared to address and resolve any identified vulnerabilities. Complementing our internal expertise and advanced technologies, we actively solicit and appreciate user-reported security flaws. Therefore, we have established a formal vulnerability reporting policy to guide external collaborators.
Vulnerability Reporting Policy
• For any questions, concerns, or issues regarding your profile, please click here.
• If someone is misusing your brand, it is crucial to take immediate action to protect your reputation and intellectual property. This may involve issuing cease and desist letters, seeking legal advice, and monitoring the situation closely to prevent further misuse. You can prevent more issues by clicking contact us and in doing so, you can tell us about your brand and the way it is being misused, so we can shut the account in question down to prevent further misuse.
If you believe you have discovered a security bug or vulnerability on the NetVibes website, please submit your report here.
Frequently Asked Questions (FAQ)
What type of issues are considered security vulnerabilities and should be reported?
Please report all technical security vulnerabilities affecting NetVibes here. This includes, but is not limited to the following:
• Vulnerabilities include cross-site scripting (XSS), cross-site request forgery (CSRF), server-side request forgery (SSRF), SQL injection, return-oriented programming (ROP), and jump-oriented programming (JOP). Further risks involve compromised or embedded sensitive credentials, control-flow hijacking vulnerabilities, user data breaches, and unauthorized access to internal NetVibes resources, including backend source code and databases. Critically, arbitrary code execution vulnerabilities exist on both NetVibes servers and clients.
How can I be notified of any updates on a security issue I’ve reported which is being investigated?
The security issues reported will be evaluated based on criticality and business priority and go through our support ticket system accordingly. We will try to keep you informed of the progress of the particular case to the best of our ability.