Introduction
At upKeeper Solutions, we prioritize the security and privacy of our customers, partners, and products. To ensure the highest standards of security, we welcome and encourage security researchers, partners and users to report any vulnerabilities they may find in our systems. This Coordinated Vulnerability Disclosure (CVD) policy outlines how to report vulnerabilities, what to expect from us, and how we handle disclosures.
Reporting a vulnerability
If you believe you have discovered a vulnerability in any of our products or services, please follow these steps:
1. Contact Us: Send an email to secure@upkeeper.se with detailed information about the vulnerability. Include:
- A description of the vulnerability and its potential impact.
- Detailed steps to reproduce the vulnerability.
- Any supporting evidence (e.g., screenshots, logs, or proof-of-concept code).
2. Provide Contact Information: Include your contact details (e.g., name, email address) so we can reach out for further information if necessary.
3. Respect Confidentiality: Do not share details of the vulnerability with others until we have had the opportunity to investigate and address the issue.
Our commitment
When you report a vulnerability to us, you can expect the following:
1. Acknowledgment: We will acknowledge receipt of your report within 72 hours.
2. Investigation: We will investigate the reported vulnerability and provide you with an estimated timeline for resolution.
3. Status Updates: We will keep you informed of our progress, including any planned fixes and public disclosures.
4. Credit: If you wish, we will publicly acknowledge your contribution once the vulnerability has been addressed and disclosed.
5. No Legal Action: If you adhere to this policy and act in good faith, we will not pursue legal action against you.
Guidelines for Researchers
To ensure a smooth and effective disclosure process, please adhere to the following guidelines:
1. Act in Good Faith: Ensure that your research and disclosure activities are conducted in a manner that avoids harm to our systems, data, and users.
2. Non-Disruption: Avoid actions that could disrupt our services, including denial of service attacks, social engineering, or physical attacks against our employees, infrastructure, or third-party services.
3. Confidentiality: Do not publicly disclose the vulnerability before we have addressed it and provided public notification.
4. Scope: Focus your research on vulnerabilities in our products and services. Avoid testing environments that could affect our customers or third-party services.
Safe harbor
We consider activities conducted in accordance with this policy to be authorized and in line with our commitment to improving security. We will not take legal action against researchers who discover and report vulnerabilities in accordance with this policy.
Conclusion
We appreciate your efforts to help us improve our security. By working together, we can create a safer environment for everyone. If you have any questions or need further clarification, please contact us at secure@upkeeper.se.
Thank you for helping to keep upKeeper Solutions products and services secure!
This policy is subject to change without notice. Please refer to our website for the latest version.
Comments
0 comments
Please sign in to leave a comment.