Vulnerability Disclosure Policy

Introduction

Ensuring security for our customers is a top priority here at Sureify. If you believe you have found a security vulnerability, please email a report to us at [email protected]. Our Security Incident Response Team (SIRT) is committed to verifying and addressing reported vulnerabilities. If customer action is required to remediate reported vulnerabilities, Sureify will notify impacted customers.

No Bug Bounty Program

We value those who take the time and effort to report security vulnerabilities according to this policy. However, we do not offer monetary rewards for vulnerability disclosures.

Report Guidelines

In your report, please include details of:

• The website, IP or page where the vulnerability can be observed.
• A brief description of the type of vulnerability, for example; “XSS vulnerability”.
• Steps to reproduce. These should be a benign, non-destructive, proof of concept. This helps to ensure that the report can be triaged quickly and accurately. It also reduces the likelihood of duplicate reports, or malicious exploitation of some vulnerabilities, such as sub-domain takeovers.

Confidentiality

By investigating and/or submitting a security vulnerability to Sureify, you agree to treat that information as the Confidential Information of Sureify.