Customer Service Help Center

Vulnerability Disclosure Policy

At MidwayUSA, we take security very seriously and are committed to ensuring the security and privacy of our Customers. If you believe you have found an issue affecting the security or privacy of our Customers in any site or service hosted on, including all subdomains, we encourage you to submit a report as soon as possible in accordance with our Guidelines for Responsible Disclosure. When a report is submitted in this manner, we will engage you and continue to keep you informed of the status of your report. We will not take legal action against, or suspend or terminate the accounts of, those who discover and report security vulnerabilities in accordance with our guidelines. MidwayUSA reserves all legal rights in the event of any non-compliance, however we will take into consideration that accidental, good-faith violations might occur. We do not currently offer monetary compensation for vulnerability submissions.


Guidelines for Responsible Disclosure

Because public disclosure of vulnerabilities has the potential to affect the security and privacy of our Customers, we ask that you keep the report private until we have either resolved the issue or expressly agreed to disclosure. Publicly disclosing vulnerabilities prior to these criteria being met is considered out of compliance with our policy.

Additionally, we do not permit:

  • Accessing, downloading, or modification of any data residing in an account that does not belong to you
  • Engaging in activity that degrades the operation of any MidwayUSA system
  • Testing of any third-party service or application that integrates with or links to MidwayUSA systems
  • Conducting research through social engineering or other deceptive techniques
  • Conducting research by physically connecting to a MidwayUSA network or other device on any MidwayUSA property
  • Utilizing malware or other malicious software in any way
  • Testing in a manner that would result in sending unsolicited messages to Customers, Employees or Partners of MidwayUSA



Vulnerability reports should be submitted to and include:

  • Clear description of the issue and the threat that it poses
  • Affected URL(s)
  • Detailed steps to reproduce
  • Any applicable attachments (e.g. screenshots) that help identify, explain, or prove out the issue
  • Recommendations on how to resolve the issue, if known

Once you have submitted a report, you can expect a response acknowledging receipt of the report. If the issue is valid and we determine action needs to be taken, we will maintain regular contact, informing you of progress until the issue has been resolved. If the issue was either already known or we have decided not to take action, or we determine the submission to be invalid for any reason, we will let you know.


Thank you for helping ensure the security and privacy of our Customers!

Search Help