Follow these simple rules:
- Do not discuss the security vulnerability you discovered with anyone other than the vendor, the system owner or us. Do not publicly disclose the vulnerability until the security issue has been fixed or until you have reached an agreement with us.
- Do not repeatedly interact with the system. Once you have found the security vulnerability, report it and wait for our response.
- Do not download, modify or delete any data from a system.
- Do not make any changes to the system.
- Do not attempt to gain access to a system using brute force or social engineering techniques. Do not use denial of service attacks.