Responsible Disclosure

Have you found a security vulnerability?

If you think you’ve discovered an issue with ForceManager security measures, please fill the form so that we can address your concern as quickly as possible.

Web domains and applications included on the program

• forcemanager.com
• app.forcemanager.net
• ForceManager for iOS
• ForceManager for Android

Types of vulnerabilities that do not qualify

• Vulnerabilities on infrastructure not operated by ForceManager
• Insecure settings of cookies for non-sensitive cookies
• Misconfiguration of OpenSSL
• Missing headers for non-sensitive services
• Denial of service attacks
• Brute forcing
• Logout Cross-Site Request Forgery
• Exposed login pages

Rules to follow for the Bug to be accepted

• Provide necessary informations about all steps to reproduce a vulnerability
• Don’t publicly disclose a bug before it has been fixed
• Don’t attempt to gain access to other users accounts or data
• While performing vulnerability research make sure your to not disrupt our services
• Do not perform phishing or social engineering attacks
• We’re not cooperating with vulnerability brokers
• Do not use automated scanners and do not send reports from such scanners
• If in doubt, please contact us on security@forcemanager.com