Responsible Disclosure Policy
At Seoul Oasis (OASIS PREMIUM FOOD & BEVERAGES TRADING L.L.C), we care deeply about maintaining the trust and confidence that our customers place in us. We understand that the protection of customer data is a significant responsibility and requires our highest priority. We, therefore, take the security of our digital platforms extremely seriously, and we genuinely value the assistance of security researchers and others in the security community to assist in keeping them secure.
If you are a security researcher and have discovered a security vulnerability in one of our digital platforms (e.g., websites or mobile applications), we appreciate your cooperation in disclosing it to us in a responsible manner. We will validate and fix confirmed vulnerabilities to uphold our commitment to security and privacy.
Reporting
Security researchers should exclusively use the contact form on the website to share the details of any suspected vulnerability and should not use any other communication channels. Please include detailed information with steps for us to reproduce the vulnerability.
Compliance
For a proper cooperative experience, the following activities are prohibited under this policy and are considered incompliant:
- Publicly disclosing the details of an identified or alleged vulnerability without express written consent from Seoul Oasis (OASIS PREMIUM FOOD & BEVERAGES TRADING L.L.C).
- Modifying data residing in an account that does not belong to you.
- Accessing or downloading data beyond the minimum required to demonstrate a vulnerability. This should not exceed 1-2 records if necessary.
- Attempting to execute actions that disrupt the availability of our digital assets (e.g., any volumetric or denial of service attacks).
- Posting, transmitting, uploading, linking to, sending, or storing any malicious software.
- Testing in a manner that would result in the sending of unsolicited or unauthorized junk mail, SMS, spam, or other forms of duplicative or unsolicited messages.
- Testing in a manner that would degrade the performance or operation of any Seoul Oasis digital assets.
- Testing third-party applications, websites, or services that integrate with or link to Seoul Oasis digital assets.
- Making any changes in the system configurations, files, or data.
- Introducing a backdoor in any digital asset.
- Conducting non-technical attacks such as social engineering or phishing.