Responsible Disclosure Policy

We take the security of our systems seriously and value the security community. The responsible disclosure of vulnerabilities helps us ensure the privacy and security of our users.

Our Responsible Disclosure Policy

Scope

  • The e2e-assure website at https://www.e2e-assure.com

Guidelines

We ask that you:
  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data
  • Perform research only within the scope (our website, e2e-assure.com)
  • Use the identified communication channels to report vulnerability information to us (email security (at) e2e-assure.com)
  • Keep information about any discovered vulnerabilities confidential between yourself and e2e-assure until we have successfully resolved the issue
Please do not:
  • Run automated scans against our systems
  • Attempt any social engineering attacks (e.g. phishing, vishing)
  • Test any systems or applications not listed in the 'Scope' section
  • Submit UI/UX bugs, or spelling mistakes
  • Perform any DoS or DDoS testing
  • Send any personally identifiable information
If you follow these guidelines when reporting an issue to us, we commit to:
  • Not pursue or support any legal action related to your research
  • Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission)
  • Recognize your contribution, if you are the first to report the issue and we make a code or configuration change based on the issue
  • We reserve the right to credit the disclosure made

Security Researcher 'Hall of Fame'

  • Prabhjot Dunglay - April 2019