Security policy
1. Reporting a Vulnerability
Please send reports to security@biotus.ua.
For secure communication, use our PGP key.
Your report should include:
- The URL or service where the vulnerability was found
- Step-by-step reproduction instructions
- Expected vs. actual behavior
- Potential impact
- Screenshots or proof-of-concept, if available
2. Scope of Testing
You may test:
- Web applications and subdomains under
*.biotus.ua - All official Biotus domains, including:
biotus.uabiotusnew.plbiotus.itbiotus.ro
- Official Biotus mobile applications
You must not:
- Launch Denial of Service (DoS/DDoS) attacks
- Access or modify customer data
- Perform large-scale automated stress testing
- Disclose vulnerability details publicly before a fix is released
3. Report Format
Your report should contain:
- A short title of the vulnerability
- A detailed description
- Clear reproduction steps
- The potential risk for users or the company
- Additional supporting materials (screenshots, code, etc.)
4. Response Timeline
We commit to:
- Acknowledge receipt of your report within 72 hours
- Provide a status update within 30 days
- Share the final resolution (fixed / planned / not an issue)
5. Legal Safe Harbor
Researchers who comply with this policy:
- Act solely within the approved purpose of information gathering.
- Will not be subject to legal action or claims by Biotus or third parties in connection with conducting security research under the scope of this policy.
Я вспомнил свой пароль