AcadJobs - Security Disclosure Policy
Welcome to the AcadJobs Vulnerability Disclosure Policy. At AcadJobs, we are committed to securing the future of education by connecting educators with schools up to Class 12. As India’s premier academic hiring platform, we prioritize scalability, reliability, and security. While our in-house teams work towards maintaining a strong security posture, we also value the expertise of ethical security researchers. If you are interested in contributing to a safer platform, we invite you to read on and participate in this initiative.
1. Scope of Research
- In-Scope:
  - https://acadsjobs.schoolsuniverse.com
  - https://www.acadsjobs.com
- Accepted Vulnerabilities:
  Any vulnerability, including those from the OWASP Top 10 or SANS 25, is accepted if it:
  - Directly impacts the in-scope systems.
  - Is unique and not previously reported.
  - Demonstrates a tangible security risk.
2. Out of Scope
- Any domain not explicitly mentioned above.
- Third-party applications, services, or integrations used by AcadJobs.
- API key disclosures without a proven security impact.
- Issues classified as low-risk under common security taxonomies.
- Findings requiring unrealistic user interaction or physical access.
- Security best practices (e.g., password complexity, security headers, cookie flags).
- Non-exploitable issues such as banner grabbing or metadata exposure.
- Attacks violating user privacy or disrupting platform functionality.
3. Prohibited Testing Methodologies
While we encourage responsible security research, the following actions are strictly prohibited:
- Denial of Service (DoS) or Distributed DoS (DDoS) attacks.
- Brute-force attacks or dictionary-based testing.
- Social engineering, phishing, or unauthorized access to user accounts.
- Any activity that disrupts AcadJobs’ services or harms users.
- Compromising or modifying AcadJobs systems in any way.
4. Reporting Procedure
To report a vulnerability responsibly, please follow the procedure below:
- For any security-related queries, please contact security@acadjobs.co. We aim to acknowledge reports within five business days. If you do not receive a response, you may send a reminder after a week.
5. Our Commitments
- We will acknowledge your report promptly and collaborate on verification.
- We will keep you informed about progress and remediation timelines.
- We will remediate valid security issues within reasonable timeframes.
- We will not take legal action against researchers acting in good faith.
- We will recognize contributions from security researchers.
6. Our Expectations
- Researchers must adhere to ethical hacking principles and avoid violating applicable laws.
- If a vulnerability poses a critical risk (e.g., data leakage, RCE, service disruption), stop testing and report it immediately.
- If you gain unintended access to sensitive data, do not download, share, or modify the data in any way.
- Use only official channels to discuss findings; do not share reports publicly without permission.
- Allow at least 30 days for resolution before requesting public disclosure.
7. Confidentiality Agreement
Both AcadJobs and security researchers must maintain strict confidentiality throughout the disclosure process. Vulnerability reports and related discussions should not be shared with third parties without written consent.
8. Safe Harbor Policy
AcadJobs considers all security research conducted under this policy to be:
Contact Information
If you have any doubts regarding our policy or require clarification, please reach out via our official channels before proceeding. We are committed to working collaboratively with the security community to ensure a safer platform for educators and schools.
Thank you for helping us build a secure and reliable AcadJobs platform!
For questions or concerns about these Terms, contact us at: