Systems & security

www.xpornbest.com
Systems and Security Policy
(Last updated January 25, 2017)
If you have found a security flaw on xpornbest.com , please report it to use right away. We
investigate all reports of fraud and/or security breaches. Please review this policy to learn more.
Disclosure Policy
When reporting a security issues, you comply with the points below. If you comply, we will not file a
lawsuit or legal or law enforcement investigation against you. We ask:
1) Information regarding this security issue is not made public or shared with other
2) You did not interact with a model, member, or studio account, downloaded or took screenshots
of any data pertaining to these accounts.
3) You avoided any violations of privacy and did not destroy or interrupt our data service.
4) You did not violate applicable laws or regulations.
System and Security Program Terms and Conditions
We recognize and thank security specialists whom make an effort to make the Internet a safer place.
Monetary rewards are at IWC’s discretion and are based on several factors. You must meet the following
to qualify:
1) Follow the Disclosure Policy (above)
2) Report all bugs and vulnerabilities that create risk for xpornbest and its members and models (xpornbest
determines the risk of issues)
3) Clearly report the problem you found in a comprehensive report that is labeled as such and
includes a timeline and/or dates, potential security issues, and/or data breaches, phishing, or
potential SQL injections or content injections.
4) If a privacy violation has been caused by you, please disclose this in your report.
5) Please use test accounts to replicate any issue and do not interact with live accounts.

We will follow these points when investigating reports.
– We investigate and respond to all valid reports.
– If passwords are compromised, IWC changes all passwords that are used across the system infrastructure and admin control panel.
– We determine bounty amounts based on a variety of factors, including (but not limited to) impact, ease of exploitation, and quality of the report. If we pay a bounty, the minimum reward is $ 50. Low-risk issues do not qualify.
– We seek to pay similar amounts for similar issues, but bounty amounts and qualifying issues may change with time. Past rewards do not necessarily guarantee similar results in the future.
– In the event of duplicate reports, we award a bounty to the first person to submit an issue. (xpornbest determines duplicates and may not share details on the other reports.) A given bounty is only paid to one individual.
– We reserve the right to publish reports (and accompanying updates).
– We verify that all bounty awards are permitted by applicable laws, including (but not limited to) US trade sanctions and economic restrictions.
Note that your use of xpornbest services and the services of any member of the xpornbest family of companies, including for purposes of this program, is subject to xpornbest’s Terms and Policies. We may retain any communications about security issues you report for as long as we deem necessary for program purposes, and we may cancel or modify this program at any time.
Bug Bounty Program Scope
To qualify for a bounty, report a security bug to our contact page .

Attributes of a Good Report
Detailed steps in your message explaining how to reproduce the bug. This should include any links you clicked on, pages you visited, URLs, user IDs, etc. Images and video can be helpful if you also include written explanations.
Clear descriptions of any accounts used in your report and the relationships between them. Please do not use the same name on multiple accounts to avoid confusion.
Quality before quantity. A few lines of precise, clear explanations is best.
If you send a video, consider these tips:
Keep it short by showing only the parts necessary to demonstrate the bug once. (Remove or redo mistakes that might happen while recording.)
Record at a resolution where text or URLs are readable (at least 480p; 1080p is usually not necessary).
Provide commentary or instructions in your messages or video description instead of typing onscreen during the video.
If a large amount of text appears in your video, please include a copy in your messages as well.
Keep the video private either by uploading it as an attachment or posting it privately online (such as with a hidden link or password that you send to us)