Every product checked Rated 9+ Pay later or in instalments

SKIKK Responsible Disclosure Program

Overview

At SKIKK, the security of our systems and the protection of our customers’ data are top priorities.
Despite our best efforts, vulnerabilities may still exist. We therefore welcome responsible security research and provide this Responsible Disclosure Program to enable researchers to report security issues safely and ethically.

This program is intended for good-faith security research only. It is not a bug bounty program and does not offer monetary rewards.

Scope

In-scope domains

  • www.skikk.eu

Only systems owned and operated by SKIKK are in scope. Third-party services, integrations, and external providers are out of scope, unless explicitly stated otherwise.

 

In-scope vulnerability categories

We are primarily interested in vulnerabilities that may impact the confidentiality, integrity, or availability of our systems or customer data, including but not limited to:

  • Sensitive Data Exposure

  • Authentication & Session Management issues

  • Insecure Direct Object References (IDOR)

  • Injection vulnerabilities (SQL, command, etc.)

  • Cross-Site Scripting (XSS) – stored or reflected

  • Remote Code Execution (RCE)

  • Security misconfiguration

  • Broken access control

  • Directory / path traversal

  • Exposure of credentials or secrets

 

Out-of-scope findings

The following are out of scope and may be closed without further review:

  • Social engineering, phishing, vishing, or impersonation

  • Denial-of-Service (DoS / DDoS) testing

  • Brute-force attacks or account enumeration

  • Automated scanner output without manual validation

  • Weak password policy suggestions

  • Missing HTTP headers without demonstrated risk

  • Cookie flags on non-sensitive cookies

  • Clickjacking or CSRF on non-sensitive pages

  • Email SPF / DKIM / DMARC configuration issues

  • Open redirects without security impact

  • Self-exploitation or theoretical issues only

  • Issues requiring unrealistic user interaction

  • Vulnerabilities already known to SKIKK

  • Reports based on leaked, stolen, or compromised credentials

 

Rules of engagement

When testing, you must:

  1. Test only on accounts you own and control

  2. Avoid actions that degrade service availability

  3. Not access, modify, or delete data belonging to other users

  4. Not upload malware or malicious payloads

  5. Not exploit vulnerabilities beyond proof of concept

  6. Not perform physical security testing

  7. Not disclose vulnerabilities publicly before resolution

  8. Delete any sensitive data obtained during testing

Failure to follow these rules may result in disqualification from the program.

 

Reporting a vulnerability

Please submit reports via email to:

security@skikk.eu

Your report should include:

  • A clear description of the issue

  • Affected URL(s) or endpoint(s)

  • Steps to reproduce

  • Proof of concept where applicable

  • Impact assessment

Incomplete or unclear reports may be rejected.

 

Our commitment

If you follow this policy, we commit to:

  • Acknowledge receipt of your report

  • Review and validate reported issues

  • Keep you informed of progress where appropriate

  • Not pursue legal action for good-faith research

  • Handle your report confidentially

Resolution timelines may vary depending on severity and complexity.

 

No rewards

SKIKK does not offer monetary rewards, bounties, or payouts for reported vulnerabilities. This is a responsible disclosure program based on good-faith collaboration, not a paid bug bounty program.

We deeply appreciate the time and effort of security researchers, and we are happy to acknowledge valid contributions where appropriate, but participation is voluntary and does not entitle you to any compensation.

 

Legal terms

By submitting a report, you confirm that:

  • You are the original author of the report

  • You grant SKIKK the right to use and act on the report

  • You will not disclose the vulnerability publicly without written consent

  • You will not use SKIKK’s name or brand for promotion

 

Final notes

This program may be modified or discontinued at any time without notice. Participation is voluntary and does not provide any reward or compensation.

Thank you for helping keep SKIKK and its customers secure.

Free shipping in EU*
14 days free return
2 year warranty
Assembled in Europe