Responsible Disclosure Policy
At razorblue, the security of our systems and data systems is one of our biggest priorities. We strive to maintain the highest standards of security and ensure that our client’s data is protected at all times.
We are committed to working with security researchers and other members of the security community to identify and address vulnerabilities in our systems.
The following agreement sets forth the terms and conditions governing the responsible disclosure of security vulnerabilities by individuals or organisations.
- Scope of Agreement:
This agreement applies to any disclosure by the Disclosing Party of any vulnerability in the systems, infrastructure, website, networks or any other information technology services (“Vulnerability”), provided by the disclosing party.
Any Disclosing Party who discovers a Vulnerability must promptly report it to the Organisation by sending an email to email@example.com. The email must include a detailed description of the Vulnerability, including steps to reproduce it, and any supporting documentation.
The disclosing party agrees to keep all information confidential related to the Vulnerability and any communications related to its disclosure to the Organisation until such time as the Organisation publicly discloses the Vulnerability or provides the Disclosing Party with written permission to do so.
- No Harm:
The Disclosing Party agrees not to take any actions that could damage, disrupt, or compromise the Organisation’s information technology systems or services. The Disclosing Party also agrees to use reasonable efforts to avoid any disclosure that could result in harm to the Organisation, its customers, or other third parties.
- Good Faith:
The Disclosing Party agrees to act in good faith throughout the disclosure process and to provide the Organisation with sufficient information to reproduce and validate the Vulnerability.
- No Legal Action:
The Organisation agrees not to pursue any legal action against the Disclosing Party for the act of disclosing the Vulnerability in accordance with this agreement.
- Public Disclosure:
The Organisation agrees to publicly acknowledge the Disclosing Party’s contribution to the responsible disclosure of the Vulnerability, unless the Disclosing Party requests otherwise.
- No Obligation:
The Organisation is under no obligation to remediate any Vulnerability reported by the Disclosing Party.
- Governing Law:
This agreement shall be governed by and construed in accordance with the laws of [insert governing law], without giving effect to any principles of conflicts of law.
By disclosing a Vulnerability to the Organisation, the Disclosing Party agrees to be bound by the terms and conditions of this agreement.
Thank you for helping us to maintain the security of our systems and data.