Vulnerability Reporting

We encourage security researchers to work with us in a responsible manner and we are always willing to work with open parties.

We understand the importance of security researchers, and it is our goal to work with responsible parties.  This page therefore states, for the record and in writing, our policy concerning vulnerability reporting.

While our IT staff works at securing our infrastructure and software, we understand errors may occur.  Thus, if you feel you have discovered an error in our infrastructure configuration or coding in one of our software products, please report it to support–AT–cyberws-dot-com or use the online contact form.

Include:

  • A description of the vulnerability or misconfiguration.
  • How we may reproduce the error(s).
  • Your contact information so we may get further details, if necessary.  The more methods the better!  Also we would like to acknowledge your concern(s).

Your Responsibilities:

  • To make a good faith effort to respect the privacy of data not belonging to you.  This means not purposely accessing data not belonging to you once you confirm an error.  We understand that at times accidental access may occur before you realize there is an error.  However, you should stop access immediately once you realize the nature of the issue.
  • To not download or store data belonging to others, that has not been made public, on any computing or storage systems.  This includes our systems.  We ask that, if a data leak is discovered, once it is confirmed you delete any such data you accidentally accessed, for example (but not limited to) by clearing your browser cache of those items.
  • To not alter or destroy data belonging to others, including our systems.  In other words leave data alone.
  • To not use any vulnerabilities against our visitors and clients to access, modify, or otherwise alter their computing systems.  In other words do not hack other systems.
  • To not use any vulnerabilities in our systems to attack, spy, or otherwise maliciously contact other Internet connected devices, systems, and networks.  In other words do not use our systems as a staging ground to attack the Internet at large.
  • To give us a reasonable time to address the matter before making any information public.  It is our goal to acknowledge your concern(s) within 48 business hours and start investigating the issue(s).  We will contact you with confirmation this process has started.
  • To understand that emails can get caught by Junk/SPAM filters, and thus to monitor for our response.

Our Promise:

If you work with us and respect the points above, including not altering data of others and not attacking systems, it is our promise to work with you to resolve the matter to the best of our ability.  In addition, we state here for the world to see that we will not take legal action against you or contact law enforcement authorities to report your action(s).

This promise will be voided if it is discovered you misled us on your actions.  In short, be honest and follow the above points and all will be fine.

It is our goal to help secure the Internet by working with responsible parties and with the understanding that many will try to avoid detection.  Therefore we thank all open security researchers for finding and addressing concerns with us in a responsible manner.

Bottom line: Play nice and we’ll play nice.