SECURITY PROGRAM
Responsible Disclosure
& Security Program
Help us keep Fairatmos secure. We invite security researchers to identify and report vulnerabilities responsibly.
Program Scope
In Scope — Assets & Domains
Fairatmos web application (fairatmos.com)
Fairatmos web application (atmoscheck.fairatmos.com)
Fairatmos web application (atmoswatch.fairatmos.com)
Fairatmos mobile applications (AtmosGO)
Authentication and authorization mechanisms
Eligible Vulnerability Types
We are interested in the following categories:
Remote Code Execution (RCE)
SQL Injection (SQLi)
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Server-Side Request Forgery (SSRF)
Insecure Direct Object Reference (IDOR)
Authentication & Session Flaws
Authorization Bypass
Sensitive Data Exposure
Business Logic Vulnerabilities
Others
To help us process it faster, kindly include:
- Subject: [Bug Report] – Short issue title
- Detailed description of the bug
- Steps to reproduce the issue
- Screenshot or video (if available)
- Device / browser / OS used
Report a Bug
Found a bug or issue?
Please send your report to: security@fairatmos.com
Safe Harbor
Fairatmos will not pursue legal action against researchers who discover and report vulnerabilities in good faith, in compliance with this policy. We consider security research conducted consistent with this policy to be authorized, and we will not initiate legal action for accidental policy violations made in good faith.
Legal Notice
This program does not grant permission to access or alter systems not listed in scope. Fairatmos reserves the right to modify, suspend, or terminate this program at any time. All reward decisions are final and at the sole discretion of Fairatmos. By participating, you agree to abide by these terms.
