Select Region/Country
  • Global
  • Nigeria
  • Kenya

Cookie Statement

Please note that we take your privacy seriously and only process your personal information following Nigeria Data Protection Act, 2023 and any applicable regulations. Your continued use of this platform indicates that you consent to the processing of your data by Moniepoint MFB.

Our site also uses cookies to enhance your experience on this platform. You can modify your preference using the option below. Please read our Cookie Policy for more information.

You are on our Global Page. To view content relevant to your location, select a different country or region.

moniepoint
AboutContact
Sign up
Global

Vulnerability Disclosure Policy

Introduction

Moniepoint is committed to ensuring the security and integrity of our systems and services. We welcome responsible security researchers to help us identify and address potential vulnerabilities. This Vulnerability Disclosure Policy outlines the process for reporting vulnerabilities and the guidelines for responsible disclosure.

Reporting Vulnerabilities

We encourage security researchers to report vulnerabilities to us so as to enable us to investigate security vulnerabilities affecting our products and services. If you believe you have found a security vulnerability in a Moniepoint Product or Service, submit the vulnerability report via the submission form below, providing sufficient details for us to reproduce and investigate your actions.

All mandatory fields must be filled in correctly and it is essential that you maintain confidentiality when reporting a vulnerability under this Policy.

Responsible Disclosure Guidelines

To ensure a smooth and collaborative vulnerability disclosure process, we ask security researchers to adhere to the following guidelines:

  1. Avoid Public Disclosure: Please refrain from public disclosure of vulnerabilities until they have been acknowledged and addressed by Moniepoint. Public disclosure can potentially compromise the security of our systems and users.
  2. Act Ethically:Conduct your research responsibly and ethically, avoiding any actions that could harm our systems or users.
  3. Limit Impact: Minimize the impact of your vulnerability testing by avoiding actions that could disrupt our services (e.g DOS) or compromise user data.
  4. Cooperate with Moniepoint: Work with our security team to understand the nature of the vulnerability, provide necessary information, and assist in the remediation process.

Rules of Engagement

Moniepoint values contributions from the security research community. To ensure responsible disclosure, please adhere to the following guidelines:

Researchers Must Not:

  1. Violate the Law: Researchers must comply with all applicable laws and regulations.
  2. Exploit Vulnerabilities: Researchers should not exploit or attempt to exploit vulnerabilities.
  3. Engage in Malicious Activity: Social engineering, phishing, or other malicious activities are strictly prohibited.
  4. Seek Financial Gain: Researchers should not demand payment for vulnerability disclosure.
  5. Exceed Authorized Access: Access to systems or data should be limited to what is necessary for vulnerability identification and reporting.
  6. Tamper with Systems: Tampering with Moniepoint systems or devices is prohibited.
  7. Corrupt Data: Researchers must not modify, copy, share, or corrupt data processed or stored by Moniepoint systems.
  8. Use Destructive Methods: The use of high-intensity, invasive, or destructive scanning tools is forbidden. Disruptive activities like brute-force attacks, denial-of-service attacks, or physical attacks against Moniepoint facilities or data centers are strictly prohibited.
  9. Interfere with Services: Researchers must not interfere with Moniepoint services or systems.
  10. Target Third-Party Systems: Testing or research should be limited to Moniepoint systems and services.
  11. Excessively Access Data: Access to data should be limited to what is necessary for vulnerability discovery and confirmation.

Timeline for Response and Resolution

Upon receiving a vulnerability report, Moniepoint will acknowledge it promptly and initiate an investigation. We will provide regular updates on the status of the issue and the timeline for resolution.

Rewards and Recognition

We value the contributions of security researchers and may offer rewards for critical vulnerabilities, based on the severity and impact.

Disclaimer

This Vulnerability Disclosure Policy outlines general guidelines and may be subject to change. Please refer to the specific terms and conditions on the Bugcrowd platform for detailed information.

By submitting a vulnerability report, you agree to abide by this policy and the terms of service of the Bugcrowd platform.

We respect your privacy and so we ask you to not include sensitive personal information such as identity number, credit/debit card number, or health and medical information.

Contact Information

For any questions or concerns related to this policy or the vulnerability disclosure process, please contact [email protected].

Third Party Products or Services

Products, systems, and data not owned by Moniepoint are subject to review under this Policy. These disclosures would be subject to review to determine if and how it affects Moniepoint systems.