Vulnerability Disclosure Policy
Sourceful Vulnerability Disclosure Policy
At Sourceful, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. We understand that security issues can be found and we are committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us.
If you believe you’ve found a security vulnerability in our systems or services, we encourage you to notify us. We welcome working with you to resolve the issue promptly. Please email us at email@example.com.
- Let us know as soon as possible upon discovery of a potential security issue, and we’ll make every effort to quickly resolve the issue
- Do not disclose the issue to the public or any third-party under any circumstances. We request your full cooperation in this matter.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research.
While researching, we’d like you to refrain from:
- Denial of service
- Social engineering (including phishing) of Sourceful staff or contractors
- Any physical attempts against Sourceful property or data centers
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Thank you for helping keep Sourceful and our users safe!
Changes to This Policy
We may revise this policy from time to time. The most current version of the policy will govern our processing of your personal data and will always be at http://www.sourceful.com/security/vulnerability-disclosure-policy.
If you have any questions about this policy, please feel free to contact us at firstname.lastname@example.org.