Public Vulnerability Reporting Mechanism for Specialist Insight Ltd
- Introduction
Specialist Insight Ltd is committed to maintaining the highest standards of security for its products and services. As part of this commitment, we have established a public vulnerability reporting mechanism to allow security researchers, customers, and the general public to report potential security vulnerabilities. This mechanism aims to facilitate responsible disclosure, ensuring that vulnerabilities can be addressed promptly and effectively.
- Scope
This mechanism covers the following:
- All web applications and services provided by Specialist Insight Ltd.
- All mobile applications developed and distributed by Specialist Insight Ltd.
- Any other software or hardware products developed and maintained by Specialist Insight Ltd.
- Reporting Procedure
Step 1: Identification
When you identify a potential security vulnerability in any of Specialist Insight Ltd’s products or services, please document the details of the vulnerability, including:
- The product or service affected.
- The nature of the vulnerability.
- Steps to reproduce the issue.
- Any potential impact or exploit scenario.
Step 2: Submission
Submit your findings via email to: [email protected].
Please use the subject line: “Vulnerability Report: [Product/Service Name]”
Include detailed information about the vulnerability, your contact information, and any supporting documentation or screenshots.
Step 3: Acknowledgment
You will receive an acknowledgment of your submission within 48 hours.
Our team will review the submission and may reach out for additional information if needed.
Step 4: Investigation and Resolution
Our team will investigate the reported vulnerability to verify its validity and impact.
We will strive to resolve valid vulnerabilities promptly and will keep you informed of the progress.
Upon resolution, we will issue a public advisory if applicable, crediting the reporter if they wish.
Step 5: Feedback and Coordination
Throughout the investigation, we may communicate with you to gather further information or provide updates on the status of your report.
We appreciate coordination and ask that you avoid publicly disclosing the vulnerability until we have had a reasonable time to address it.
- Guidelines for Reporting
To ensure effective processing of your report, please adhere to the following guidelines:
Confidentiality: Do not share vulnerability details with third parties until we have had an opportunity to address the issue.
Responsibility: Provide a detailed and clear description of the vulnerability and its potential impact.
Ethics: Avoid engaging in activities that could disrupt services or compromise the privacy and security of our customers.
- Recognition and Rewards
We value the contributions of security researchers and will recognise and reward those who help us improve our security. While we do not have a formal bug bounty program, we may offer tokens of appreciation or public recognition based on the severity and impact of the reported vulnerability.
- Contact Information
For any queries related to the vulnerability reporting process, please contact: [email protected]
- Legal
By submitting a vulnerability report, you agree to allow Specialist Insight Ltd to use the information provided to mitigate the vulnerability and to include it in any future advisories or reports. We will not pursue legal action against researchers who follow this responsible disclosure policy.
- Conclusion
Your efforts in reporting vulnerabilities help us enhance the security and reliability of our products and services. We appreciate your cooperation and commitment to responsible disclosure.