Vulnerability Disclosure Policy

Introduction

 

This vulnerability disclosure policy applies to any vulnerabilities you are considering reporting to us. This policy is intended to give security researchers and Findaa's internal team clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us. Findaa actively researches and investigates vulnerabilities in our service and products. Also, we will make changes and issue software updates to resolve such vulnerabilities. We value those who take the time and effort to report security vulnerabilities according to this policy. However, we do not offer monetary rewards for vulnerability disclosures.

 

Findaa is committed to:

  • investigating and resolving security issues in our services and products thoroughly

  • working in collaboration with the security practitioners

  • responding promptly and actively

Reporting

 

If you believe you have found a security vulnerability in one of our services and products, please email contact@findaatech.com or fill out the Get In Touch form on the Findaa website (https://www.findaatech.com/get-in-touch).

What to expect

  • After submitting your vulnerability report, you will receive an acknowledgement reply usually within 24 working hours of your report being received.

  • We’ll also aim to keep you informed of our progress. 

  • We will normally address the vulnerability within 90 days. 

  • When the reported vulnerability is resolved, or remediation work is scheduled, we will notify you, and invite you to confirm that the solution covers the vulnerability adequately.

  • Once your vulnerability has been resolved, we will email our current users about the issue and the update.

  • We will publicly announce the vulnerability in the release notes of the update on our website and subscriptions and report to related industrial security organisations.

Guidance

 

You must NOT:

  • Break any applicable law or regulations

  • Access unnecessary, excessive or significant amounts of data

  • Modify data in Findaa's systems or services

  • Use high-intensity invasive or destructive scanning tools to find vulnerabilities

  • Disrupt the Findaa’s platform or systems

  • Demand financial compensation in order to disclose any vulnerabilities

 

Thank you for helping keep Findaa and our users safe!