Last updated on October 16, 2023

OVERVIEW

This Vulnerability Disclosure Program Policy is a ready-made template that is given to organizations when setting up their program policy for their Secuna Response (VDP) programs. Organizations may change the contents of this policy in their specific program policies to tailor it specifically to their organization’s needs and guidelines.

INTRODUCTION

Security is core to our values, and we value the input of external cybersecurity researchers (hunters) acting in good faith to help us maintain a high standard for the security and privacy of our users and systems. This policy sets out our definition of good faith in the context of finding and reporting security vulnerabilities, as well as what you can expect from us in return for your effort, skill, and dedication.

GUIDELINES

We require all hunters to:

• Act in good faith to avoid privacy violations, degradation of our services, disruption to systems, and destruction of data during security testing (including denial of service);
• Perform research only within the scope set out below;
• Be clear and succinct, a short proof-of-concept link is invaluable;
• Only interact with your own accounts or test accounts for security research purposes. Do not access or modify our data or our users' data, without the explicit permission of the owner; and
• Always adhere to this program’s disclosure policy and Secuna’s disclosure terms.

If you follow these guidelines when reporting an issue to us, we commit to:

• Not pursue or support any legal action related to your research;
• Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission);
• Recognize your contribution on our leaderboard, if you are the first to report the issue and we make a code or configuration change based on the issue.

EXPECTATIONS

When working with us according to this policy, you can expect us to: