Download as PDF
Sharktech takes security very seriously for our clients, our services, and our staff. If you are a security researcher and have discovered a vulnerability in our web site or services, we appreciate your help in disclosing this to us in a responsible manner.
1. Report a discovered security vulnerability as soon as possible to Sharktech at firstname.lastname@example.org
- Identify the suspected vulnerability.
- Suggest steps to enable us to reproduce the issue.
- Provide your E-mail address and secure mechanism to contact you.
- Provide your name (and/or colleagues) if you would like to be recognized
We will acknowledge receipt of your vulnerability report the next business day and strive to send you regular updates about our progress.
2. Once You have reported the discovered security vulnerability
- Do not disclose a bug or vulnerability on public notice boards, mailing lists or other public forums.
- Allow Sharktech an opportunity to correct a vulnerability within a reasonable time frame before publicly disclosing the identified issue, to ensure that Sharktech has developed and thoroughly tested a solution.
- Do not utilize an exploit to view data without authorization, or compromise the confidentiality or availability.
- Do not perform an attack that would impact the reliability / availability of services. DDoS/Spam attacks are not allowed.
- Do not use scanners or automated tools to find vulnerabilities. They can have unintended consequences or impact.
- Make a good faith effort to avoid privacy violations as well as destruction, interruption or segregation of our services.
- Do not modify or destroy data that does not belong to you.
- Never attempt non-technical attacks, such as social engineering, phishing or physical attacks against our employees or infrastructure.
Sharktech reserves all legal rights to pursue recourse should You not follow this Policy or should it discover Your participation in causing the vulnerability.
Because Sharktech appreciates Your assistance it may, at its discretion, provide a reward for Your report of vulnerabilities in accordance with this Policy.