🔒 Lucky Jaya Group Security Policy

Selamat datang di halaman Kebijakan Keamanan Lucky Jaya Group. Kami berkomitmen untuk menjaga keamanan sistem dan data kami, serta menghargai kontribusi komunitas security dalam menjaga keamanan digital.

📞 Contact Information

Security Team: security@luckyjayagroup.com
Response Time: 24-48 jam untuk vulnerability reports
Preferred Languages: Bahasa Indonesia, English
PGP Key: Download PGP Key

🎯 Scope

In Scope:

api.luckyjayagroup.com - Main API endpoints
Mobile applications (Android/iOS)
Web applications and interfaces
Database security and data protection

Out of Scope:

Third-party services and integrations
Physical security testing
Social engineering attacks
DDoS attacks

💰 Bug Bounty Program

Reward Structure:

Critical: Rp 5.000.000 - Rp 10.000.000
High: Rp 2.000.000 - Rp 5.000.000
Medium: Rp 500.000 - Rp 2.000.000
Low: Rp 100.000 - Rp 500.000

Rewards akan diberikan berdasarkan severity dan impact assessment.

📋 Rules & Guidelines

Do's:

✅ Test only in scope systems
✅ Provide clear reproduction steps
✅ Respect rate limits and avoid DoS
✅ Report vulnerabilities privately first
✅ Include proof-of-concept when possible

Don'ts:

❌ Don't access/modify user data without permission
❌ Don't perform destructive testing
❌ Don't disclose vulnerabilities publicly before fix
❌ Don't spam our security team
❌ Don't test third-party services

🔄 Process

Discovery: Anda menemukan vulnerability
Report: Kirim ke security@luckyjayagroup.com dengan detail lengkap
Validation: Tim kami akan memverifikasi dalam 24-48 jam
Fix: Kami akan memperbaiki vulnerability
Reward: Anda menerima reward sesuai severity
Disclosure: Vulnerability akan dipublikasikan setelah fix

📊 Vulnerability Classification

Severity	CVSS Score	Description
Critical	9.0-10.0	Remote code execution, data breach, system compromise
High	7.0-8.9	Authentication bypass, SQL injection, XSS
Medium	4.0-6.9	Information disclosure, CSRF, insecure configurations
Low	0.1-3.9	Minor issues, best practice violations

🔐 Legal

This security policy is governed by applicable laws and regulations. All security research activities must comply with:

Undang-Undang Informasi dan Transaksi Elektronik (UU ITE) Indonesia
General Data Protection Regulation (GDPR) for EU users
Computer Fraud and Abuse Act (CFAA) compliance