Vulnerability Disclosure Policy
Found a security issue?
At Axiomatics we value the security community and if you believe you have found a security or privacy vulnerability that could impact Axiomatics or our users we encourage you to report this right away. We work to continuous improvement and would like to hear about it to be able to address it as soon as possible.
How do you report?
All reports should be sent to: firstname.lastname@example.org.
Optionally encrypted using PGP key found here!
(Fingerprint: FCCF 8C67 0B09 8311 F052 E933 05FC A3A1 B83D 7542)
When sending in your report make sure that you have included the following information:
- Your contact information (Name, email, phone number).
- As thorough explanation as possible of the vulnerability containing details about the site, URL and type of vulnerability. This is needed for us to reproduce the problem and address the issue.
- If applicable, a screenshot of the vulnerability you have found.
What do we expect of you?
- It is important for both us and our clients’ security that you follow good practice, i.e. that:
- We expect that you don’t abuse our services.
- You do not use the vulnerability to remove or modify information.
- You do not affect the availability of our services through denial of service attacks.
- You give us an opportunity to fix the reported vulnerability before going public with it.
- Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people’s data,
- Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties, and
- Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible.
What can you expect of us?
- We will do our best to get back to you within 72 hours, with a confirmation that we have received your report and keep you updated while we process the issue.
- If you have followed the instructions above, we will not take any legal action against you in regard to the report.
- We will keep you informed of the progress towards resolving the problem.
- In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise).