
Vulnerability disclosure policy

If you believe you have found a security vulnerability in this website, please submit your report to us as soon as possible.

Introduction

This vulnerability disclosure policy applies to any vulnerabilities you are considering reporting to us (the “Organisation”). We recommend reading this vulnerability disclosure policy fully before you report a vulnerability and always acting in compliance with it.

We value those who take the time and effort to report security vulnerabilities according to this policy. However, we do not offer monetary rewards for vulnerability disclosures.

Reporting

If you believe you have found a security vulnerability, please submit your report to us by email to vulnerability@imajica.com

In your report please include details of:

  • the website, IP or page where the vulnerability can be observed
  • a brief description of the type of vulnerability, for example, “XSS vulnerability”. See this link for a list of vulnerabilities
  • steps to reproduce. These should be a benign, non-destructive, proof of concept. This helps to ensure that the report can be triaged quickly and accurately. It also reduces the likelihood of duplicate reports, or malicious exploitation of some vulnerabilities, such as sub-domain takeovers.


Format of email (example)

## URL of website
## page where vulnerability can be observed
## Summary:

[add brief description of the vulnerability]

## Steps To Reproduce:

[add details for how we can reproduce the issue]

  1. [add step]
  2. [add step]
  3. [add step]

## Supporting Material/References:

[list any additional material (e.g. screenshots, logs, etc.)]

  * [attachment / reference]

 

What to expect

After you have submitted your report, we will respond within 5 working days and aim to triage it within 10 working days. We’ll also aim to keep you informed of our progress.

Priority for remediation is assessed by looking at the impact, severity and exploit complexity. Vulnerability reports might take some time to triage or address. You are welcome to enquire on the status but should avoid doing so more than once every 14 days. This allows our teams to focus on the remediation.

We will notify you when the reported vulnerability is remediated, and you may be invited to confirm that the solution covers the vulnerability adequately.

Once your vulnerability has been resolved, we welcome requests to disclose your report. We’d like to unify guidance to affected users, so please do continue to coordinate public release with us.

Guidance

You must NOT:
  • break any applicable law or regulations
  • access unnecessary, excessive or significant amounts of data
  • modify data in our systems or services
  • use high-intensity invasive or destructive scanning tools to find vulnerabilities
  • attempt or report any form of denial of service, for example, overwhelming a service with a high volume of requests
  • disrupt our services or systems
  • submit reports detailing non-exploitable vulnerabilities, or reports indicating that the services do not fully align with “best practice”, for example missing security headers
  • submit reports detailing TLS configuration weaknesses, for example “weak” cipher suite support or the presence of TLS1.0 support
  • communicate any vulnerabilities or associated details other than by means described in this Policy
  • social engineer, ‘phish’ or physically attack the Organisation’s staff or infrastructure
  • demand financial compensation in order to disclose any vulnerabilities

You must:
  • always comply with data protection rules and must not violate the privacy of the Organisation’s users, staff, contractors, services or systems. You must not, for example, share, redistribute or fail to properly secure data retrieved from the systems or services.
  • securely delete all data retrieved during your research as soon as it is no longer required or within 1 month of the vulnerability being resolved, whichever occurs first (or as otherwise required by data protection law).

Legalities

This policy is designed to be compatible with common vulnerability disclosure good practice. It does not give you permission to act in any manner that is inconsistent with the law, or which might cause the Organisation or partner organisations to be in breach of any legal obligations.

However, if legal action is initiated by a third party against you and you have complied with this policy, we can take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep ourselves and our users safe!
