Vulnerability Disclosure Policy
Last updated March 01, 2024
Introduction:
At PARVISOR.COM (“PARVISOR.COM”), we take the security of our Software as a Service (SAAS) platform seriously. We value the contributions of security researchers and the broader community in identifying and responsibly disclosing potential security vulnerabilities. This Vulnerability Disclosure Policy outlines the guidelines and procedures for reporting security vulnerabilities to PARVISOR.COM.
Responsible Disclosure:
PARVISOR.COM encourages responsible disclosure of any security vulnerabilities or weaknesses found on our platform. If you discover a potential vulnerability, we appreciate your cooperation in following the guidelines outlined in this policy to responsibly report it to our security team.
Scope:
This policy applies to any potential security vulnerabilities identified in PARVISOR.COM’s web applications, APIs, or infrastructure.
Reporting a Vulnerability:
If you believe you have found a security vulnerability or weakness in PARVISOR.COM, we request that you follow these steps for responsible disclosure:
Step 1:
Submit a detailed report of the vulnerability to our security team at [security@PARVISOR.COM]. Please provide as much information as possible, including:
- Description of the vulnerability and its potential impact.
- Steps to reproduce the vulnerability.
- Any supporting documentation, such as proof-of-concept code or screenshots.
Step 2:
Allow us a reasonable amount of time to investigate and address the reported vulnerability before disclosing it publicly or to any third parties. We commit to acknowledging your report within [5 business days] and will keep you informed of our progress during the investigation and resolution process.
Step 3:
Work with our security team in a coordinated and good-faith manner to validate and remediate the vulnerability.
Our Commitment:
PARVISOR.COM is committed to:
- Acknowledging receipt of your vulnerability report promptly.
- Conducting a thorough investigation of the reported vulnerability.
- Keeping you informed of our progress and expected timelines for resolution.
- Addressing and remedying the vulnerability in a timely manner.
- Giving credit to the reporter if desired and agreed upon for responsible disclosure.
Exclusions:
The following activities are expressly prohibited and must not be attempted:
- Any attempt to access, modify, or delete data belonging to others.
- Any attempt to disrupt or degrade the performance of PARVISOR.COM’s services or infrastructure.
- Any attempt to exfiltrate or misuse sensitive data.
Legal Considerations:
PARVISOR.COM commits to not pursue legal action against security researchers who make a good-faith effort to report security vulnerabilities to us. We expect researchers to comply with all applicable laws and refrain from engaging in any harmful activities.
Rewards and Recognition:
PARVISOR.COM may, at its discretion, offer rewards or recognition to researchers who report valid and critical security vulnerabilities. The reward amount will be determined based on the severity and impact of the vulnerability.
Contact Information:
For reporting security vulnerabilities or inquiries related to our Vulnerability Disclosure Policy, please contact our security team at:
Email: [security@PARVISOR.COM]
By participating in PARVISOR.COM’s Vulnerability Disclosure Program, you agree to comply with the terms of this policy.
Date of Last Update: March 01, 2024