Security Policy
Inventor is committed to the security of our services. We greatly appreciate responsible disclosure of security vulnerabilities.
If you believe you have found a security issue with the Inventor platform, we urge you to notify us as soon as possible. We investigate all reports and will do our best to fix the issue promptly.
Researcher Rules
If you are a security researcher, we ask that you follow our rules while researching vulnerabilities to help protect our users and services:
- Only test against accounts you control
- Do not disrupt service for other users
- Do not access, modify, or delete data that does not belong to you (if you are demonstrating a vulnerability, use multiple accounts you control)
- Provide a reasonable amount of time for us to fix the vulnerability before publicly disclosing it
- Provide a detailed report of the vulnerability, including steps to reproduce it
- Do not publicly disclose a vulnerability until we have had a chance to fix it
- Do not directly submit reports generated by automated tools, templates, or LLMs
Non-Qualifying Vulnerabilities
We are not interested in reports of the following types of vulnerabilities:
- Denial of service attacks
- Self-XSS
- Clickjacking on pages with no sensitive actions
- Social engineering of inventor.gg staff or users
- Email spoofing or SPF/DKIM/DMARC-related issues
- Vulnerabilities affecting users of outdated or unpatched browsers or platforms
- Brute force attacks
- Vulnerabilities requiring physical access to a user’s device
- Vulnerabilities in third-party services that integrate with Inventor
- Vulnerabilities that require a user to install a malicious app on their device, or perform an unlikely series of actions
- Vulnerabilities that require a user to click through a security warning
- Weak cipher suites or SSL/TLS configuration issues (unless you have a proof of concept against a modern browser)
- Vulnerabilities that have been found by automated tools without human verification and creation of a proof of concept
Safe Harbor
Security research activities conducted in compliance with the rules listed above will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in good faith and in compliance with this policy.
If automated or manual ToS action (account ban or suspension) is initiated against your account as a result of your research activities, please contact us and we will work with you to resolve the issue. We employ relatively aggressive automated filtering systems to prevent platform-wide abuse, which may inadvertently catch legitimate security research activity.
Rewards
We do not reward beg bounties. Reports that ignore the non-qualifying vulnerabilities section or that are otherwise automated will be ignored.
We generally do not offer monetary rewards for security vulnerability reports. However, we may choose to offer free access to paid products or other rewards. Rewards are granted at our discretion based on the severity and impact of the reported vulnerability.
The security contact email is only intended for security reports containing the information listed below. Non-security inquiries will not receive a response. Send support requests and other general inquiries to support@inventor.gg.
Valid security reports must contain the following information:
- A detailed description of the vulnerability
- Steps to reproduce the vulnerability
- Any other relevant information
- Your contact information
Please DO NOT send reports generated by automated tools, templates, or LLMs. You may use automated tools to assist in finding issues, but your report must be written by a human who understands the issue. Automated template or LLM-generated reports will not receive a response.
Send security reports to security@inventor.gg.
Assuming your vulnerability report is valid, we will respond with a plan to resolve the issue and will keep you updated on its status as we work on it.
Modification
Inventor reserves the right to modify this policy at any time, with or without notification.