At Scruter, we prioritize the security and privacy of our users. We are committed to protecting the information you share with us and providing a safe platform for buying, selling, and community interactions. This document outlines the procedures for reporting security issues and our commitment to addressing them swiftly.
Scruter provides security updates for the following versions:
| Version | Supported | Notes |
|---|---|---|
| Latest Release | ✅ Supported | Actively maintained with all critical updates and patches. |
| Previous Major | ✅ Supported | Receives important security patches, but new features are not added. |
| Older Versions | ❌ Not Supported | Users are encouraged to upgrade to a newer version to receive security updates. |
We strongly encourage users to stay on the latest version to ensure they benefit from the latest security patches.
If you discover any security vulnerabilities or suspect potential issues in Scruter, please follow these guidelines:
- Email us: Report the vulnerability by sending an email to [email protected]. Include a detailed description of the issue, steps to reproduce it, and any relevant supporting materials.
- Do not share publicly: Please refrain from disclosing the vulnerability publicly until we have resolved the issue.
- Provide contact information: So that we can reach out to you for further details if needed.
When submitting a vulnerability report, please ensure that you:
- Provide a clear, concise description of the issue.
- Include proof of concept (PoC) if available.
- Respect user privacy, refrain from accessing or modifying user data.
- Refrain from any actions that could negatively impact the platform (e.g., DDoS, malware injection).
Scruter is dedicated to:
- Acknowledging your report within 48 hours.
- Investigating the issue thoroughly and communicating with you during the process.
- Resolving the issue in a timely manner.
- Offering recognition to researchers who follow responsible disclosure guidelines. This could include public acknowledgment or other rewards, depending on the severity and impact of the issue.
The following components are considered in-scope for security vulnerability reporting:
- The Scruter website and any associated subdomains
- Scruter's APIs and backend services
- User data handling and account security mechanisms
Out-of-scope issues include:
- Denial-of-service (DoS) attacks
- Spam
- Social engineering
Your security concerns are important to us. If you believe you have found a vulnerability, please don’t hesitate to report it. We value your assistance in making Scruter a safer platform for everyone.