Introduction

At Skywatch, we place the highest priority on the security of our systems and data. We appreciate the community’s efforts to identify potential vulnerabilities. Your contributions help us maintain a safer and more trustworthy environment.

Guidelines

• Respect Privacy: Avoid accessing or destroying data that does not belong to you.
• No Disruption: Do not engage in any testing that could degrade or interrupt our systems.
• Good Faith Research: Only use methods that are necessary to identify and validate a potential vulnerability.
• Legal Compliance: Comply with all applicable local, state, and federal laws.

Scope

This program is intended to cover:

• Explore: explore.skywatch.com
• Hub: hub.skywatch.com

OUT OF SCOPE:

• Clickjacking on pages with no sensitive actions
• Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions
• Attacks requiring MITM or physical access to a user's device
• Previously known vulnerable libraries without a working Proof of Concept
• Comma Separated Values (CSV) injection without demonstrating a vulnerability.
• Missing best practices in SSL/TLS configuration.
• Any activity that could lead to the disruption of our service (DoS)