Responsible Disclosure Policy
We value the security of our systems and user data and appreciate the assistance of security researchers and ethical hackers in identifying and responsibly disclosing any vulnerabilities. This policy outlines the guidelines for reporting security vulnerabilities or incidents related to our website, products, or services.
1. Scope
This policy applies to any individual or organization who discovers a potential security vulnerability or incident in our systems, including but not limited to our website, web applications, mobile applications, and infrastructure.
2. Guidelines for Responsible Disclosure
We encourage security researchers to adhere to the following guidelines when reporting security vulnerabilities or incidents:
2.1. Do's
- Provide detailed information about the vulnerability or incident, including steps to reproduce, impacted systems or components, and any supporting evidence.
- Act in good faith to avoid any harm to the systems or data, respect user privacy, and comply with applicable laws and regulations.
- Allow us a reasonable amount of time to investigate and address the reported vulnerability or incident before making any public disclosure.
- Communicate your findings with us in a professional and respectful manner.
2.2. Don'ts
- Engage in any destructive actions that may cause harm to our systems, data, or users.
- Access, modify, or delete data that does not belong to you.
- Perform any activities that may disrupt the availability or performance of our systems.
3. Reporting a Vulnerability or Incident
If you discover a potential security vulnerability or incident, please follow these steps to report it to us:
3.1. Notify Us
- Contact our security team at security@foresightdata.com with all the relevant details of the vulnerability or incident.
- Encrypt the communication using our public PGP key if you wish to provide sensitive information securely.
- Provide your contact information, including your name and email address, so that we can communicate with you regarding the issue.
3.2. Allow Time for Investigation and Resolution
- We will acknowledge your report within a reasonable timeframe and provide you with an initial response.
- We will investigate the reported vulnerability or incident and take appropriate actions to address it.
3.3. Public Disclosure
- We appreciate responsible disclosure and allow researchers to publicly disclose the vulnerability or incident after we have fully resolved the issue.
- We request that you provide us with a reasonable amount of time to address the vulnerability or incident before making any public disclosure.
4. Our Commitment
We are committed to:
- Treating all reports with seriousness and investigating them promptly.
- Maintaining clear and open communication with the reporting party throughout the process.
- Taking appropriate steps to fix verified vulnerabilities or incidents in a timely manner.
- Recognizing the efforts of researchers who responsibly disclose vulnerabilities through appropriate acknowledgments, if agreed upon.
5. Legal Considerations
We will not pursue legal action against individuals who report vulnerabilities or incidents in accordance with this policy, provided they comply with the guidelines mentioned herein.
6. Non-compliance
If a security researcher fails to adhere to this policy or engages in malicious activities, we reserve the right to take appropriate legal action.
Thank you for your assistance in helping us maintain the security of our systems. We appreciate your efforts in contributing to a safe and secure environment for our users.
Foresight Data Security Team