Security Disclosure - Nullforge™ Security, Inc.

Reported Vulnerability

Critical

High

Medium

Low

Security Hall Of Fame »

Security Disclosure Policy

Overview

Nullforge is committed to ensuring the security of our systems and applications. We recognize the importance of the security community in helping us identify and address vulnerabilities. This Security Disclosure Policy outlines the process for reporting security vulnerabilities to Nullforge.

Scope

This policy applies to all systems, applications, and services operated by Nullforge.

Reporting A Vulnerability

If you believe you have discovered a security vulnerability, please report it to us as soon as possible by sending an email to [email protected]. Please include the following information in your report:

- A detailed description of the vulnerability, including steps to reproduce it.
- The specific location and details of the vulnerability (URLs, parameters, headers, etc.).
- Your contact information for further communication.

Responsible Disclosure

We encourage responsible disclosure and request that you do not publicly disclose the vulnerability until we have had the opportunity to investigate and address it. We commit to working with you to understand and resolve the issue promptly.

Commitment

- We will acknowledge receipt of your report within 48 hours.
- Our security team will investigate the reported issue promptly.
- We will work with you to understand the details and potential impact of the vulnerability.
- We will keep you informed of the progress towards resolving the issue.
- Once the vulnerability is fixed, we will notify you and publicly acknowledge your contribution if you agree.

Rules of Engagement

Do not attempt to exploit the vulnerability beyond what is necessary to demonstrate the security issue.
Do not disclose the vulnerability to others or use it for malicious purposes.

Exclusions:
The following types of reports are not within the scope of this policy and may be subject to legal action:

Denial of service attacks.
Social engineering attacks.
Physical security vulnerabilities.

Legal Safe Harbor

We will not pursue legal action against security researchers who act in good faith and adhere to this policy. We consider your security research activities to be authorized, provided they are conducted in accordance with this policy.

Updates to this Policy

This security disclosure policy may be updated from time to time. Please check back regularly for any changes.

Last updated: Sat Jan 13 05:10:28 PST 2024