Skip to main content

Vulnerability Disclosure Policy

PT. Mandiri Tunggal Sejahtera Berkarya/ MTS Group Holding, LLC (“We,”,”Us“, “Our“) as a Data Controler of PopIt Snack Platform, We take security issues very seriously and strive to lead by example. We recognize the importance of collaboration between vendors, researchers, and customers and seek to improve the safety and security of the community as a whole through a coordinated disclosure process.

This policy outlines the steps researchers should take to report security issues to PopIt Snack Platform, as well as the process We use when disclosing vulnerabilities to users.

POPIT SNACK PLATFORM LEGAL HUB REPORTING VUNERALIBILITY

Reporting vulnerabilities Issues for Plugins, Themes, and Core of PopIt Snack Platform

We grants users the ability to seek Our plugin, theme, and core vulnerabilities. Please fill out the Bug Request form located here to request in the following situations:

Must Meet The Terms and Conditions

  1. You have identified a security vulnerability in a Our plugin.
  2. You have identified a security vulnerability in a Our theme.
  3. You have identified a security vulnerability in a Our core.

Our team will review your submission and report back within 1-3 business days with an additional information. All minimum guide to can be found here.

How To Report The Vulnerability

If you have any questions, please send an email to dpo@popitsnack.com or contributing to Our Privacy Center.

 

Reporting Security Issues in PopIt Snack Platform Services

Contact Our Team by sending email to security@popitsnack.com or contributing to Our Privacy Center in the following situations:

Must Meet The Terms and Conditions

  1. You have identified a potential security vulnerability with one of our services.
  2. Instructions provided in the Reporting Details column correspond with one or more checked columns in the Reporting Methodologies column, for each requirement/testing procedure.
  3. Reporting details using PCI DSS 3.2 ROC guidelines or with an help legit comprehensive scanning vendor report.

To ensure confidentiality, We encourage you to encrypt any sensitive information you send to Us via email. We are equipped to receive messages encrypted using Our public PGP key.

After your incident report is received, the appropriate personnel will contact you to follow-up. We  attempts to acknowledge receipt to all submitted reports within seven days.

How To Report

The security@popitsnack.com email address is intended ONLY for the purposes of reporting service security vulnerabilities. It is not for technical support. All content other than that specific to security vulnerabilities in Our services will be dropped.

 

Software – Code Vulnerability Disclosure and Remediation Process

When Our Team finds a vulnerability in another vendor’s product, or if a vulnerability affecting Our plugin is disclosed to Us, We take the following steps to address the issue. “Vendor” below may refer to Us or to an external vendor such as Data Processor.

Steps

  1. Our Team verifies the vulnerability and determines severity.
  2. Where possible, We develop a Web Application Firewall (WAF) rule to protect Our customers. This rule is obfuscated to prevent reverse engineering.
  3. We notify the vendor, if necessary, and simultaneously release a firewall rule to protect Our customers via the Post/ Feed. Affiliate sites are updated immediately with the rule and no customer action is required.
  4. Details of the vulnerability may be published after the following deadlines, based on the date the vendor was notified:
  5. 30 days if vendor acknowledges Our report within 14 days of initial contact;
    1. 14 days if vendor does not acknowledge Our report within 14 days of initial contact;
    2. At our discretion if the vulnerability is being actively exploited to inform and protect Our community;
    3. If a deadline would fall on a weekend or holiday, the deadline will be placed on the earliest following business day.
  6. Once the vendor releases a fix, or a disclosure deadline is reached, We announce the existence of the vulnerability to encourage the community to upgrade.
  7. Regular Customers/ Public begin to execute the WAF rule maximum 3 days after the initial release to Affiliate customers/ Application release.
  8. For futher information and changelogs about Application release, We already located here.

All aspects of this process are subject to change without notice, and to case-by-case exceptions.

 

Service Vulnerability Disclosure Policy

We define a service vulnerability as any issue with a technology service that represents an exploitable security risk for its users. We draw a distinction between service and code vulnerabilities, because in many cases, the service vulnerability is due to configuration issues instead of a code bug.

When Our Team discovers a security vulnerability in a service, such as hosting, We take the following steps to address the issue:

Steps

  1. Our Team verifies the vulnerability and determines severity.
  2. Details of the vulnerability may be published after the following deadlines, based on the date the vendor was notified:
    1. 30 days if vendor acknowledges our report within 14 days of initial contact;
    2. 14 days if vendor does not acknowledge our report within 14 days of initial contact;
    3. At our discretion if the vulnerability is being actively exploited to inform and protect Our community;
    4. If a deadline would fall on a weekend or holiday, the deadline will be placed on the earliest following business day.
  3. Where this service vulnerability directly affects a customer, We may notify that customer if there are actions they can take to remediate the issue. We will not provide technical details of the service vulnerability until We disclose publicly.
  4. The service provider releases a fix or the deadline passes, and we announce the vulnerability via Our post/feed.

All aspects of this process are subject to change without notice, and to case-by-case exceptions.

 

PopIt Snack Platform’s Bug Hunt

To Be Announce Immidiatelly

Did the information shown in this page help you solve your problem?

The purpose is receiving the feedback from the visitors, so we can make necessary changes to our informations which increase trust and customer satisfaction and make our platform better. For futher information about Customer Research: Designing for Transparency and Trust, please visit our Trust and Transparency Principles.

SWITCH DARK MODE - Works across all operating systems including Android, iOS, macOS, Microsoft Windows, Linux, Unix. Our accesibility systems intelligently detects device preferences and dynamically delivers a handcrafted, expert-designed dark mode experience for your readers. Toggle darkmode by bluetooth keyboard shortcut (Ctrl+Alt+D). For the best experience when using this application platform, We recommend upgrading to the latest version of one of the latest browsers available. For convenience and security, this site looks best at a mobile screen resolution of 720x1280 pixel or higher, at least using the latest version of the latest mobile web browsers like Chrome, Mozilla Firefox, Safari, Microsoft Edge, Opera, or Brave Browser. We recommended you to install the PopIt Platform App from your device's application Store.

ACCESIBILITY DISCLAIMER