Vulnerability Disclosure Policy

Introduction

Moniepoint is committed to ensuring the security and integrity of our systems and services. We welcome responsible security researchers to help us identify and address potential vulnerabilities. This Vulnerability Disclosure Policy outlines the process for reporting vulnerabilities and the guidelines for responsible disclosure.

Reporting Vulnerabilities

We encourage security researchers to report vulnerabilities to us to enable us to investigate and remediate security issues promptly. If you believe you have found a security vulnerability in a Moniepoint product or service, please submit your report to [email protected].

To help us triage and resolve the issue quickly, please ensure your report includes the following details:

  • Vulnerability Title: A brief, descriptive title of the issue (e.g., Cross-Site Scripting on Login Page).
  • Affected Component: The specific URL, application, IP address, or service where the vulnerability exists.
  • Description & Impact: A clear explanation of the vulnerability and the potential security risk it poses to Moniepoint or our users.
  • Steps to Reproduce: A detailed, step-by-step guide allowing our team to replicate the issue.
  • Proof of Concept (PoC): Any relevant screenshots, videos, or code snippets that demonstrate the exploit (please ensure no user data is exposed in these files).
  • Reporter Information: Your name/handle and the preferred email address for ongoing correspondence.

Important: Please maintain strict confidentiality and do not disclose the vulnerability publicly or to any third party until Moniepoint has resolved the issue.

Responsible Disclosure Guidelines

To ensure a smooth and collaborative vulnerability disclosure process, we ask security researchers to adhere to the following guidelines:

  1. Avoid Public Disclosure: Please refrain from public disclosure of vulnerabilities until they have been acknowledged and addressed by Moniepoint. Public disclosure can potentially compromise the security of our systems and users.
  2. Act Ethically: Conduct your research responsibly and ethically, avoiding any actions that could harm our systems or users.
  3. Limit Impact: Minimize the impact of your vulnerability testing by avoiding actions that could disrupt our services (e.g., DoS) or compromise user data.
  4. Cooperate with Moniepoint: Work with our security team to understand the nature of the vulnerability, provide necessary information, and assist in the remediation process.

Rules of Engagement

Moniepoint values contributions from the security research community. To ensure responsible disclosure, please adhere to the following guidelines:

Researchers Must Not:

  1. Violate the Law: Researchers must comply with all applicable laws and regulations.
  2. Exploit Vulnerabilities: Researchers should not exploit or attempt to exploit vulnerabilities.
  3. Engage in Malicious Activity: Social engineering, phishing, or other malicious activities are strictly prohibited.
  4. Seek Financial Gain: Researchers should not demand payment for vulnerability disclosure.
  5. Exceed Authorized Access: Access to systems or data should be limited to what is necessary for vulnerability identification and reporting.
  6. Tamper with Systems: Tampering with Moniepoint systems or devices is prohibited.
  7. Corrupt Data: Researchers must not modify, copy, share, or corrupt data processed or stored by Moniepoint systems.
  8. Use Destructive Methods: The use of high-intensity, invasive, or destructive scanning tools is forbidden. Disruptive activities like brute-force attacks, denial-of-service attacks, or physical attacks against Moniepoint facilities or data centers are strictly prohibited.
  9. Interfere with Services: Researchers must not interfere with Moniepoint services or systems.
  10. Target Third-Party Systems: Testing or research should be limited to Moniepoint systems and services.
  11. Excessively Access Data: Access to data should be limited to what is necessary for vulnerability discovery and confirmation.

Timeline for Response and Resolution

Upon receiving a vulnerability report, Moniepoint will acknowledge it promptly and initiate an investigation. We will provide regular updates on the status of the issue and the timeline for resolution.

Rewards and Recognition

We value the contributions of security researchers and may offer rewards for critical vulnerabilities, based on the severity and impact.

Disclaimer

This Vulnerability Disclosure Policy outlines general guidelines and may be subject to change.

By submitting a vulnerability report, you agree to abide by this policy.

We respect your privacy, so we ask you not to include sensitive personal information such as identity numbers, credit/debit card numbers, or health and medical information.

Contact Information

For any questions or concerns related to this policy or the vulnerability disclosure process, please contact [email protected].

Third Party Products or Services

Products, systems, and data not owned by Moniepoint are subject to review under this Policy. These disclosures would be subject to review to determine if and how they affect Moniepoint systems.