Responsible Disclosure

Data security is a top priority for Muck Rack, and Muck Rack believes that working with skilled security researchers can identify weaknesses in any technology.

Disclosure Policy

Muck Rack will not engage in legal action against individuals who submit vulnerability reports through our Vulnerability Reporting inbox. We openly accept reports for the currently listed Muck Rack products. We agree not to pursue legal action against individuals who:

  • Adhere to the laws of their location and the location of Muck Rack. For example, engaging in action that would only result in a civil claim by Muck Rack (and not a criminal claim) may be acceptable, as Muck Rack is authorizing the activity (for example, reverse engineering or circumventing protective measures) to improve its system.
  • Refrain from disclosing vulnerability details to the public before a mutually agreed-upon timeframe expires.

How to Report a Vulnerability

When submitting a vulnerability report to Muck Rack, please be as detailed as possible. Reports should include a code sample, details on how the bug was detected, potential system or user impact, and any potential remediation steps.

If available, please include a screenshot or recording, request/response logs, or other relevant evidence, as well as any plans or intentions for public disclosure.

Where to Report a Vulnerability

To submit a vulnerability report to Muck Rack’s Security Team, please utilize the following email: security@muckrack.com

What You Can Expect from Muck Rack:

Once a report is submitted, the Security team will review the report and triage according to the Company’s internal severity criteria. If necessary, or requested by the reporter in writing, Muck Rack will provide an update on the status of the vulnerability.

Please note that Muck Rack does not offer monetary compensation for reports at this time.

Exclusions

Per Muck Rack’s Terms of Service, the following restrictions apply:

  • You will not take any action that imposes an unreasonable or disproportionately large load on the infrastructure of the Site or Muck Rack's systems or networks, or any systems or networks connected to the Site.
  • You may not probe, scan or perform vulnerability testing of the Site or any network connected to the Site, nor breach security or authentication measures used on the Site or any network connected to the Site.

In addition, while you’re researching, we prohibit:

  • Distributed Denial of Service (DDoS)
  • Spamming
  • Social engineering or phishing of Muck Rack employees or contractors
  • Any attacks against Muck Rack’s physical property or data centers

Thank you for helping to keep Muck Rack and our users safe!

Changes

We may revise these guidelines from time to time in our sole discretion, with any such change becoming applicable immediately. The most current version of the guidelines will be available at https://muckrack.com/responsible-disclosure.

Contact

Muck Rack is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at security@muckrack.com.
