We ask if external parties find any sensitive information, potential vulnerabilities and/or weaknesses that they please help by disclosing it to us in a responsible manner.  If you want to encrypt your disclosure email, please email us at security@98point6.com by using our PGP key below.

We request that parties do not engage in any of the following:

  • Attempts to modify/destroy/corrupt other users data.
  • Attempts to (D)DoS 98point6 products, services or applications.
  • Any violations of applicable law.
  • Accessing other user’s account details or any other user’s private information.
  • Testing any of the out of scope resources or vulnerabilities listed in the next sections.

We may ask parties to destroy any information they hold that does not belong to them, after we have confirmed the vulnerability. This includes Protected Health Information (PHI) or Personally Identifiable Information (PII), and any other information we deem a threat to the security or privacy of our customers.

Out of scope resources

  • assets.98point6.com
  • go.98point6.com
  • links.98point6.com

Out of scope vulnerabilities

  • Incomplete or missing SPF or DKIM
  • SSL/TLS best practices without proof of exploitability (these are in scope if there is proof)

Customer Security

Since we deal with PHI and PII we require that any such information is transmitted and/or stored securely. We request that details of any PHI/PII or the disclosed vulnerability not be disclosed to any third parties or to the public to the extent legally possible.

Commitment

Reports submitted to 98point6 in good faith and pursuant to this process will result in 98point6’s commitment to the following:

  • We will acknowledge receipt of your vulnerability report and send you regular updates about our progress.
  • If your report is reproducible as an exploit and results in a change to the code base or documentation of a 98point6 product, we will – at your option – publicly acknowledge your responsible disclosure.
  • Any information shared with us will be kept confidential within 98point6 where permitted by law.

Top Researchers

Researchers are listed here based on adherence to our program guidelines and successfully submitting a vulnerability that resulted in change:

  • Sachin Birendra Pandey (Thakur College of Engineering & Technology)
  • Ahmed Serag El-Barougy
  • Bryan Matthew
  • Robert Aaron (Birla Institute of Technology & Science, Pilani)
  • Keshav Malik
  • Prajwal Khante
  • Muhammad Julfikar Hyder (University of Information Technology and Sciences)
  • Abhinav Porwal
  • Dinesh Kumar .K (SICCSEGV)
  • Kartik Joshi
  • Rahul D V

PGP Key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFix20gBEADenQ/IpWywB7i8LEaZxoSS9laNkjDvEtQJ8GiXYgYinPeRfXT7
d7h1UBrUnbs6JOF9X+aO2px4kM4w3Ohg3Qi5DJUYDIiNTO/l17RYohY+kUlumQ5l
kH24q8JCxEHpkPQ/os9ANol0wNBJcGweqx6A0JVpqd+L+DQINl697h2Vb7r+PemR
7S6sHkwu2byrBABMvzpAmS+763DsC6Az2ZZdlHoDcUsY3R/EAE17ZQdNOmOL4qKR
XKIWZGgpHzJwfSQqRZh6agCiYzoahvHdt68Crrttz5URGrNJKoHkdOaikEORsypt
yQJucXQ19EZ/Br+Np5BCXWDhXw/kBumcYwQpiNTE3hUHH7wyzEyHYPZscOD7ViDe
4xpQAX385fgQ3bqBOOK6vRkCJCWfqAGHWgHiszE6U++Rql6EDQRRiWPhqMRgy7p3
MSXPPTEoDq07/dRhPplFboONVsNBUXq8gAFF3ChzSsgYjB658o17mIC2Wu95rEUo
njO9RVtcb1LP6a2jYPpCxvIxMHabZ222R2bdGskWG15NWMQhSazXbW0bi38nLQO6
U089hRyfLezyaPf5YFDRmF1T6XoFwsecYxEWeILyBquUksN0IEm1kmIcAWXug5/g
pXzf/3CALS92v+fP9yb8kRhu5CmqHUy2UFSaTsaRqx0Pe6Y427nPlQiuEQARAQAB
tClTZWN1cml0eSA5OHBvaW50NiA8c2VjdXJpdHlAOThwb2ludDYuY29tPokCUgQQ
AQoAPAYLCQgHAwIEFQgCCgMWAgECGQECGwMCHgEWIQT7c9ZmwBH4FLYE6cLrvnyh
/V6QHQUCXHbHvgUJB4wo9gAKCRDrvnyh/V6QHQ6ZEACLfedBdsfX15Yugom6EKJc
NyuBZ3jD3RstcAu6ARyeYtlRJanMgLjzVJ9Tzzf2ejNWC6h0jMAxGXJxzmn1LNXV
mY0P8LIksyLEzqXLn9PRr/Eh7KMpmYUWmYVxUNPaDBjcao714vYr7Molu+a/oN9j
FXzI21n0ueqSqyKCpDEz0sfGVaDIaN3SlH+HoOR7HkoIANOd6YKO92TD0UejdJae
Oaag9TSnyO4nXs7N3zLHiZppDdUoOSN1fCmSPppjsCltmfsSHFMnsYj+j45u1iRu
drkknQaZBTQRkSKiwiJDFwUs+nf1fqvO27E3R3+BuED+6Enw8Tmj/uTe23UjpiN8
iiWIb0nhDmCDfxmfTITF9dqbDyaxhqTDLH7CxFCdxIG6Iu/AwBMAuizcpSjJ7SwB
OjrT0aNKU8TWL6iCwrGfjXkQYIouZlhmLXVacHbTh7E7ImN1C9Tn10fxLSgAGygm
1kFpq9G3gjihM3p/HxvFmuq59KbjmJhYA5BDBx6IA3b9pB/ldlOgCUeLWVGxHzEv
zkOl7QfLD7MNmZr0ZNiPpNMXryIby05sxjDJIEC9o5Qwif5noe1t5VJ9OrwsVcqE
L7Q9WAfwnFBLaGdZmOa9umpWFJKqokcZSYqOBw2pCc/LaNHP02/Zxqajv92nXnoz
yj/3N//J5lClcAf+KxbJ+7kCDQRYsdtIARAA3G1lM3fumvzN9jA8XSfCxBA+TJDR
//d5nGPElld5DOfpanfzZKGcbEwbbRlKiB6C7ouubEEnblafFe+XcAROu4UDf0zc
320nnfKihS6gtvAQTBZ8S+mhUaYFzgaV3riyyESctrrL/v8ziHoOnGnqtBbSzC7T
H6/asETbc1j4moilH8KaID36IDRvEdRr01QsKEKa5X2+Lby/9LEZo9TJW//H9uTa
EDybimLXCAXGThRskLYpDC59+TXUOMEg7gmRciUACMnnlND2y5tdlO8sQZu57KFm
bTPYVjsdoSMGlm55nW89OjNUd8h8WknEMYvw9PDUlAPuxUTVqVuEqOBBKsjDPqdV
xJ63ph3io3QO1N4cj5BC01hwLmZRCZ47EO+pjR/ls0anyxxwtnfDuIrtL+5EIgzf
Y1FTELxW62gIpdTjVNAYeKmYJtNhagbfAp1Si3Paq/DVxcdHEvop7Iq/GmRtRfYl
fKZU2SOihFZH9Pio+bt4YTF8rYKlGeGY3wb06BmIiJ/PLaEpBej1qtK7dffKjbCd
HIFcqWrYAQBZ6EwvsLep6qkWk/1XyDCqRTYmDbKW0Y7XK/kYnp+Pp1NevdNe3hy9
Bs3oYGy4jr2QnNfMg41PlhuwHN3BGOTfIq4iyDZIhS+9k3LTAgbMF0tt/cftAelt
5tzowwV1pFnucUsAEQEAAYkCPAQYAQoAJgIbDBYhBPtz1mbAEfgUtgTpwuu+fKH9
XpAdBQJcdsfiBQkHjCkaAAoJEOu+fKH9XpAd82IQAL5Qsi74YzC3Qg8UxQeNq0HZ
vzVMJK4zH5WuyM+uxxBDy+Q2IsG8uKwjgqrh7QHJLR06YTyOzjl//gCtFthCbG/x
g9l0k2etIn441RqGJI6xm4CcU2UYbbqahgKHCmu/BomUOsr7uv+ycKM2exIqXjEH
Aw/ywbd960JkJncg+BNN3V0rAzRNEZ+cv1sBE9BEwm3AggmX0jRsVZ9jNg71AOiG
cK+QN2MZ1HSdtKtuf4giHqQzyu5ZDnApvnpETvbRGuxN4YiJpF5GVbURzLC4cOi3
4jcpMDa4adv49r7d62O9rKBuf+WM00sMduRcvLKlrBV59MWYCE6ivs1jJHidYMDb
O5q5X/zzPMpjBWYjjwpSZSUZF/CGiRGho+baikYFKdB6QZU5rDk6/RfHr9enjKZS
Y96o/s78AGn+3gGA1MeyEcfGx1XBysl2XrHEsHJcjarKn11pZsktiKLsuvkOUIsP
q/nYq7BsjtpRawWhklRH7LHROpRR3xNHoA/N6VQRA3RVQlKvC3iDBdduDASijr5Z
7jMqazdxDxTCaizXu3LTBp5jqpU8zRQQxxJq2QZ8rBlImxRuHyVyo/PtUF/EJhaR
gAIqofpn9pGX+XWlm6zTDDMoVpD1IoEYDwQXAWqxUv1hQb9/HcFE3Nkf48iq8yyh
i9LFM8ONYo49bukb1Nvr
=3svx
-----END PGP PUBLIC KEY BLOCK-----