
Responsible Disclosure

At SuperOps, security is a top priority, and we are committed to safeguarding our customers' data with the highest standards of protection. We greatly value the contributions of independent security researchers and ethical hackers in strengthening our defenses. Our Responsible Disclosure Program is designed to encourage responsible reporting of vulnerabilities, allowing us to address potential security risks swiftly and effectively. By fostering transparency and collaboration with the security community, we aim to create a safer and more resilient platform for everyone.

As a token of appreciation for those who help enhance our security, we publicly recognize contributors by adding their names to our Security Hall of Fame.

Reporting Guidelines

Please follow the guidelines below when reporting a vulnerability:

  • Do not disclose the reported vulnerability to others until we have had a reasonable amount of time to address it.
  • Do not exploit the vulnerability you have discovered by downloading more data than necessary to demonstrate the issue or by deleting or modifying other users' data.
  • Make every effort to avoid privacy violations, data destruction, and service interruption or degradation. Only interact with accounts you own or those for which you have explicit permission from the account holder.
  • Do not perform Denial of Service (DoS) attacks, cause data corruption, trigger buffer overflows, or take any action that could impact the confidentiality, integrity, or availability of our data and systems.
  • Do not engage in social engineering or phishing attacks targeting customers or employees.
  • Submit a detailed report of your findings, including proof of concept, impact, screenshots, reproducible steps, and recommendations. Failure to provide sufficient documentation may lead to delays in the disclosure process or the report being deemed invalid.
  • Multiple vulnerabilities stemming from a single underlying issue will be considered one vulnerability.
  • Do not request compensation for time, materials, or discovered vulnerabilities through the Responsible Disclosure Program.

    Our Commitment

    If you adhere to these guidelines when reporting an issue:

    • We will not pursue or support any legal action related to your research.
    • We will review your report and provide feedback on it.
    • We will work with you to validate and resolve the issue, including an initial confirmation within 72 hours of submission.

    Program Scope

    • *.superops.com
    • SuperOps for iOS and Android (mobile app)

    SuperOps does not accept vulnerabilities found in third-party services, unless specific mitigations from SuperOps are required to remediate the issue.

    Out of Scope Vulnerabilities

    • Browser cache-related issues
    • Clickjacking issues, unless an exploit demonstrating account takeover or disclosure of sensitive resources is provided
    • Missing SPF/DMARC records
    • Open redirects without a severe impact
    • Open ports without an accompanying proof of concept demonstrating vulnerability
    • Directory listing with readable content that is already public
    • SSL issues such as BEAST, BREACH, renegotiation attacks, forward secrecy not enabled, weak/insecure cipher suites, and missing best practices
    • EXIF data not stripped from images
    • Presence of common public files, such as robots.txt or files in the .well-known directory
    • Denial of Service (DoS, DDoS) attacks
    • Self-type Cross-Site Scripting (Self-XSS)
    • CSRF on anonymous resources or any CSRF issue that does not include an exploit demonstrating control over sensitive actions
    • Missing best practices in SSL/TLS configuration without proof of concept or demonstrated vulnerability
    • Content spoofing and text injection issues without an attack vector or the ability to modify HTML/CSS
    • Missing HttpOnly or Secure flags on cookies not related to authentication or sessions
    • Domain Name System Security Extensions (DNSSEC) configuration suggestions
    • Previously known vulnerable libraries without a working proof of concept (PoC)
    • Comma-Separated Values (CSV) injection without demonstrating a vulnerability
    • Brute-force attacks or lack of rate-limiting mechanisms
    • Tabnabbing
    • Username/email enumeration via the login page or forgot password page error messages
    • Vulnerabilities affecting outdated or unpatched browsers or operating systems
    • Security practices such as banners revealing software versions or missing security headers
    • Vulnerabilities on third-party-hosted sites unless they lead to a vulnerability on the main website
    • Vulnerabilities contingent on physical attacks, social engineering, spamming, etc.
    • Bugs already known to us or previously reported by someone else (recognition is given to the first reporter)
    • Bugs that have not been responsibly investigated and reported
    • Vulnerabilities requiring Man-in-the-Middle (MitM) attacks
    • Issues that we cannot reasonably be expected to address
    • Reports from current or former employees of SuperOps
    • Reporting viruses
    • Reports generated by automated scripts or scanners
    • Submitting complaints about services
    • Fraud reports and/or suspicions of fraud from false emails or phishing attempts
    • Application stack traces (path disclosures, etc.); however, if the response leaks application secrets, it is considered a valid bug

    For mobile devices (Android & iOS apps):

    • Application crashes
    • Lack of obfuscation
    • Android backup vulnerability
    • Absence of certificate pinning
    • Exploits using runtime changes
    • Irrelevant activities/intents exported
    • Snapshot, pasteboard, or clipboard data leakage
    • Exploits reproducible only on rooted/jailbroken devices

    How to report

    Ready to report a security issue? Click here to submit.
