Report a Security Vulnerability
How to responsibly report a security vulnerability in JobsiteOn, including what to include and our response timeline.
What this guide covers
This guide explains how to responsibly report a security vulnerability you have discovered in JobsiteOn. Prompt reporting helps us protect all customers.
How to report
Email security@jobsiteon.com with as much detail as possible:
- Description of the vulnerability.
- Steps to reproduce the issue.
- Impact assessment -- what data or systems are affected.
- Screenshots or videos if applicable.
- Your contact information for follow-up questions.
Screenshot: A sample vulnerability report email showing the recommended format with description, steps to reproduce, and impact assessment sections.
What to expect
| Timeline | Action |
|---|---|
| Within 1 day | Acknowledgment of your report |
| Within 5 days | Initial assessment and severity classification |
| Within 30 days | Resolution or mitigation plan communicated |
| After resolution | Notification that the issue is fixed |
Responsible disclosure
- Do not share the vulnerability publicly until it has been resolved.
- Do not exploit the vulnerability beyond what is needed to demonstrate the issue.
- Do not access, modify, or delete other users' data.
Animation: A timeline showing the responsible disclosure process from report to acknowledgment to resolution to public disclosure.
Tip: If you are unsure whether something is a vulnerability, report it anyway. We would rather investigate a false positive than miss a real issue.
Note: JobsiteOn does not currently offer a formal bug bounty program, but we appreciate and acknowledge all valid security reports.
Related articles
Did this answer your question?