Flair strives to continually improve the security of our products and services. We welcome any work done by security researchers to help us in this goal. Flair commits to working to verify, reproduce, and response to reported vulnerabilities. Please report vulnerability disclosures by sending an email to infosec at flair dot co.
Responsible Disclosure Guidelines
Flair will investigate all legitimate reports and work to quickly address any vulnerability. Please follow the following guidelines for making a responsible disclosure:
- Provide details of the vulnerability, including steps for reproducing the vulnerability.
- Vulnerabilities must be disclosed within 7 days of identifying the vulnerabilitiy.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of services.
- Do not modify or access data that does not belong to you.
- Allow Flair a reasonable time to correct the issue before making any information public.
- Alter only hardware devices that you own or have permission to access.
- Do not compromise the safety of any device or expose others to an unsafe condition.