Security and privacy of our users is very important for us. We take utmost care to ensure that our systems are protected and our developers strive to write secure code. We realize that there is no silver bullet when it comes to security and there are times when security bugs sneak through despite our best efforts. We ensure that all security issues reported are reviewed and resolved promptly.
Reporting a security issue
We would like to foster a culture of collaboration to achieve better security and make the internet a better place. If you believe that you have found a security issue that can adversely impact InMobi's systems, please do contact our security team at secops [at] inmobi.com. A member of our security team will reach out to you and will work with you to validate, qualify and resolve the issue.
Our expectations from you:
- A detailed description of the issue
- Steps to reproduce the issue
- You will follow responsible disclosure guidelines (see below)
- Collaborative spirit
- No malicious activities (**)
Our promise to you:
- Prompt acknowledgement of the report (within 2 business days)
- Transparency throughout the process
- An environment conducive of collaboration
- Adequate mitigation of the issue
- Recognition of your efforts (if you are the first one to report the issue)
We at InMobi believe that with great knowledge comes great responsibility. We expect that you will give us reasonable lead time to respond to your report before making any information public and that you will make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research. We will reciprocate the gesture by working with you to mitigate the issue to the satisfaction of both parties.
We would prefer that interested researchers coordinate their efforts with our security team, so that we can avoid any untoward incidents that could affect confidentiality, integrity or availability of InMobi's systems.
We classify malicious activities as follows
- Any kind of DoS attack
- Automated scanning
- Deliberate attempts at harming InMobi systems
- Introduction of backdoors/trojans/malware in InMobi systems
- Attempts to breach confidential data
All attempts to cause harm to InMobi’s systems and data and that do not follow responsible disclosure will be pursued legally to the full extent permitted by law.