Bob Shop values the work done by security researchers in improving the security of our products and service offerings. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process.
If you are a security researcher and would like to report a security vulnerability, please send an email to: tech+vulnerability@bobshop.co.za. Please provide your name, contact information, and company name (if applicable) with each report. Priority will be granted to encrypted reports – please include your PGP public key with such reports.
Download the Bob Shop PGP key.
We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we commit that we will not take legal action against you or ask law enforcement to investigate you if you comply with the following Responsible Disclosure Guidelines:
We will attempt to respond to your report within 1-2 business days.