Responsible Disclosure Statement

Purpose

This Statement is intended for all security researchers who are investigating a potential security vulnerability.

America’s Car-Mart is committed to the security of our services and our customers’ information.  If you are a security researcher and have discovered a security vulnerability in one of our services, we appreciate your help in disclosing it to us in a responsible manner.

Prohibited Actions

Security researchers are prohibited from taking the following actions when investigating a potential security vulnerability:

  • Accessing, downloading, or modifying data residing in any account that does not belong to that individual.
  • Executing or attempting to execute any denial-of-service attack.
  • Knowingly posting, transmitting, uploading, linking to, sending, or storing any malicious software on or through America’s Car-Mart services.
  • Sending or causing the sending of spam messages or other unsolicited messages to users.
  • Testing in a manner that would degrade the operation of our services.
  • Public disclosure of the details of any identified suspected vulnerability without express written consent from America’s Car-Mart.
  • Any other testing that violates applicable law or our Terms of Use.

Any activities conducted in a manner consistent with our policies will be considered authorized conduct and we will not initiate legal action against you.

Reporting

Please share the details of any suspected or detected vulnerabilities with the America’s Car-Mart Cybersecurity Team by emailing [email protected]. The America’s Car-Mart Cybersecurity Team will conduct a thorough investigation and then take the appropriate action.