Welcome to Nusantara Code's Vulnerability Disclosure Program
Nusantara Code, LLC is committed to maintaining the security of our online assets and customer data. We believe that collaboration with the security community is essential to achieving this goal. We invite security researchers and ethical hackers to responsibly disclose any security vulnerabilities they may discover in our online services.
The scope of Nusantara Code's Vulnerability Disclosure Program includes the following domains and URLs:
- nusantaracode.co.id / nusantaracode.co.id/blog
- api.nusantaracode.co.id
- ads.nusantaracode.co.id
- style.nusantaracode.co.id
- tools.nusantaracode.co.id
- events.nusantaracode.co.id
- resources.nusantaracode.co.id
- developer.nusantaracode.co.id
The following domains and URL paths are considered out of scope and should not be tested:
- *.nusantaracode.co.id
- status.nusantaracode.co.id
Our primary focus for vulnerabilities in the Nusantara Code platform is on the OWASP Top Ten (2021) list. These include but are not limited to:
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
If you have discovered a potential security vulnerability within the scope of our program, please report it to us by sending an email to our security team at security@nusantaracode.co.id. We encourage you to provide a detailed description of the vulnerability, the steps to reproduce it, and any potential impact.
Nusantara Code, LLC commits to not pursue legal action against security researchers who discover and report vulnerabilities according to this program. We request that all researchers act in good faith, responsibly disclose issues, and avoid harming our systems or users during their research.
We will make every effort to acknowledge receipt of your report within 72 hours and will work diligently to investigate and resolve the issue as quickly as possible. We will keep you informed of our progress.
We encourage responsible disclosure and request that you:
- Do not publicly disclose the vulnerability before it is resolved.
- Do not exploit the vulnerability for any purpose.
- Do not access or modify user data without explicit permission.
- Abide by all applicable laws and regulations.
Thank you for helping us keep Nusantara Code, LLC and its customers safe.
Last updated: Sunday, February 11, 2024