Companies welcome the ethical and responsible disclosure of security issue(s). We recognize that the researcher community may not always be able to reach the appropriate stakeholder(s) to responsibly disclose a security issue(s).
Responsible Disclosure Guidelines
Responsible disclosure guidelines are designed to ease the disclosure of potential security issue(s) in an ethical way and in accordance with the law. They shall not be construed as a permission to infringe any law or to reverse engineer any code or other technology.
Please allow stakeholder(s) the time to assess and fix security issue(s) before public disclosure.
Disclosure of any security issue(s) should comply with the following principles:
- Do not cause any harm to the stakeholder(s), its customers, suppliers, partners or any other individuals or companies;
- Do not act so as to compromise the safety of any products, their operation, and/or related services;
- Do not infringe any applicable intellectual property rights or trade secrets, laws, or regulations;
- Do not lock, disclose, destroy or compromise the integrity of the company’s customers and partners’ data
- Do not turn a financial transaction into a precondition to the disclosure of potential security issue(s);
- Do not breach any applicable data privacy laws and regulations.
- Do not exploit or compromise the security issue(s) or systems.