We appreciate your help in finding bugs and identifying vulnerabilities in Popup Maker!

To ensure sites stay secure, please do not post security issues in the public issue tracker.

Instead, to report a security issue, please complete our Report Security Vulnerability form.

When working with us according to this policy, you can expect us to:

• Work with you to understand and validate your report, including a timely initial response to the submission;
• Work to remediate discovered vulnerabilities in a timely manner; and
• Recognize your contribution to improving our security if you are the first to report a unique vulnerability, and your report triggers a code or configuration change.

Vulnerability details may be shared with third parties after the vulnerability has been fixed and the program owner has provided permission to disclose or after 90 days from submission, whichever is sooner.

When conducting vulnerability research according to this policy, we consider this research to be:

• Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
• Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
• Lawful, helpful to the overall security of the Internet, and conducted in good faith.

You are expected, as always, to comply with all applicable laws.

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please reach out to us before going any further.