Bản dịch của chính sách và thỏa thuận pháp lý được cung cấp chỉ nhằm hỗ trợ để đọc và hiểu phiên bản tiếng Anh. Mục tiêu của việc cung cấp bản dịch cho chính sách và thỏa thuận pháp lý không phải là để tạo thêm thỏa thuận ràng buộc về mặt pháp lý và không nhằm để thay thế tính hiệu lực về mặt pháp lý của phiên bản tiếng Anh. Trong tường hợp có tranh chấp hoặc mâu thuẫn, trong mọi trường hợp, phiên bản tiếng Anh của chính sách và thỏa thuận pháp lý này sẽ chi phối mối quan hệ của chúng tôi và sẽ phủ quyết các điều khoản ở ngôn ngữ khác.
CHÍNH SÁCH TIẾT LỘ LỖ HỔNG PHỐI HỢP
Coordinated Vulnerability DIsclosure
GoDaddy encourages researchers to work with us on potential issues in our services or on our website. In order to encourage researchers to work with us, we agree that if, in our sole discretion, we conclude that a disclosure meets all of the guidelines of the GoDaddy Coordinated Disclosure policy, GoDaddy will not bring any private or criminal legal action against the disclosing party.
Non-Qualifying Vulnerabilities
Any domain not contained within GoDaddy is out of scope for the purposes of the Coordinated Vulnerability Disclosure, as is all hosted customer content and third-party programs and plug-ins.
The following actions do not qualify for Coordinated Disclosure and should not be tested by researchers participating in the Program:
- DoS, brute force, user enumeration or DDoS attacks
- Physical attacks
- Phishing attacks
- Any bug that relies on Social engineering
- CRIME/BEAST attacks
- Logout CSRF
- Banner or version disclosures
- Missing SPF records
- Directory listing (unless sensitive data can be found)
- Blackhat SEO techniques
- Any bug that relies upon an outdated browser
GoDaddy will not accept reports from automated vulnerability scanners.
Qualifying Vulnerabilities
GoDaddy will accept a report of any vulnerability that substantially affects the confidentiality or integrity of any eligible GoDaddy service. Eligible vulnerabilities include, but are not limited to: * Cross Site Scripting (XSS) * Authentication and Authorization Flaws * Cross Site Request Forgery (CSRF) * Remote Code Execution * SQL Injection * Directory Traversal * Click-jacking * Privilege Escalation
Suggestions for Good Reports
- The more detailed your steps for reproducing the bug, the better. This should include any pages that you visited, user IDs, links clicked, etc.
- Videos and images are always useful but are even more useful if accompanied by a description.
- Exploit code that consistently works can allow us to verify your vulnerability more quickly.
- Remember – details, details, details!
Confidentiality
Any information that you collect about GoDaddy, GoDaddy employees, or GoDaddy customers (“Confidential Information”) through the Coordinated Vulnerability Disclosure program must be kept confidential and may only be used in connection with the Program. You may disclose vulnerabilities only after proper remediation has occurred and you may not disclose Confidential Information without GoDaddy’s prior written consent. Any disclosure of Confidential Information outside of this requirement will result in immediate removal from the Program.
Legal
By participating in GoDaddy ‘s Coordinated Vulnerability Disclosure, you acknowledge that you have read and agree to GoDaddy’s Universal Terms of Service Agreement and Privacy Policy.
Your testing must not violate any law, disrupt services, or compromise any data that is not your own.
Revised: 08/04/2019 Copyright © 2019 GoDaddy.com, LLC All Rights Reserved.