Responsible Disclosure Program

Responsible Disclosure Policy

    At Hackergenix, we consider the security of our systems a top priority. No matter how much effort we put into system security, there can still be vulnerabilities present. If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

    Reporting

    If you believe you’ve found a security issue in our product or service, please notify us as soon as possible by emailing us at [email protected].

    Rules

    • Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people’s data.
    • Do not reveal the problem to others until it has been resolved.
    • Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties.
    • Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.

    Our responsible disclosure policy is not an invitation to actively scan our company network for vulnerabilities. Our systems are being monitored continuously. As a result, there is a good chance that a scan will be detected and our Security Operation Center (SOC) will investigate it.

    What we promise

    When you report a suspected vulnerability in an IT system, we will deal with this in the following way:

    • We will respond to your report within 5 business days with our evaluation of the report and an expected resolution date. If you have followed the instructions above, we will not take any legal action against you in regard to the report.
    • We will not pass on your personal details to third parties without your permission.
    • We will keep you informed of the progress towards resolving the problem.
    • In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise).

    We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.

    Exclusions

    This Responsible Disclosure scheme is not intended for reporting complaints. The scheme is also not intended for:

    • Reporting that the website is not available.
    • Reporting fake e-mails (phishing e-mails).
    • Reporting fraud.

    For issues pertaining to the above and any other inquiries please get in touch with our support team.

    Rewards / bug bounty

    We are not part of a cash/bug bounty program but are happy to issue a certificate of acknowledged/recognition and we will include the name of the first reporter in our Hall of Fame below to individuals who report security issues responsibly and help us make Hackergenix more secure.

    Thank You

    We want to make sure to sincerely thank you for your disclosing responsibly and working with us improve our security. We understand the work and talent you've put into finding these issues and appreciate you reaching out to us.

    Hall of fame

    Contributors – Hackergenix Responsible Disclosure Program

    We would like to thank the following people who have found vulnerabilities in Hackergenix and have made a responsible disclosure to us:

    Thank you and congratulations for demonstrating your technical skills, security knowledge, and responsible behavior!