Coordinated Vulnerability Disclosure
At Prowise we hone a culture of utmost respect for the privacy and data of our users. We recognise that a large part of our users is unable to accurately judge the security of systems. With that in mind, we feel we have an extra responsibility to keep our systems and services secure, and we take great care to achieve this.
However, regardless of our best efforts, we recognise perfect software is almost impossible. Therefore vulnerabilities might exist in our systems. Please let us know if you found a weak spot in one of our systems. We want to collaborate and improve our systems to resolve those issues, and make our processes, services and systems more resilient against privacy and security issues.
We ask you to
- Share your findings by sending an email with a detailed description to firstname.lastname@example.org.
- Do not exploit the issue further than you need to prove your case, and do not share data or details with parties other than Prowise, or remove or modify information.
- Do not attack physical security, use social engineering, carry out denial of service, or spam third-party applications.
- Provide us with enough information to reproduce and/or understand the issue, and remain reachable in case we need more information.
We will do the following
- Respond with a confirmation of receipt within 3 working days.
- Within one working week we will let you know our assessment and follow-up actions.
- If you followed the above guidelines, we will not take legal action regarding your report for the issue in question.
- We will treat your personal information confidentially and not share it with third parties without your express permission unless we are legally required to do so. Reporting using an alias is an option.
- We will keep you up to date during the process of creating a solution and keep in contact with you.
- If so desired, we will publicly list your name for your contribution to the integrity of our systems.
- Depending on the nature and seriousness of the incident and the quality of the report, we might extend an offer for further rewards of our choosing.
We aim to resolve incidents as quickly as possible. We would like to be involved in any publication about issues you might find in our systems or services, and/or about your report.