Responsible Disclosure Program | e2e-assure



Guidelines

We ask that all researchers:

  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing
  • Perform research only within the scope set out below
  • Use the identified communication channels to report vulnerability information to us
  • Keep information about any discovered vulnerabilities confidential between yourself and e2e-assure until we have successfully resolved the issue

Please do not:

  • Run automated scans against our systems
  • Perform any physical testing (e.g. opening doors, tailgating)
  • Attempt any social engineering attacks (e.g. phishing, vishing)
  • Test any systems or applications not listed in the 'Scope' section
  • Submit UI/UX bugs or spelling mistakes
  • Perform any DoS or DDoS testing
  • Send any personally identifiable information

Scope

Please note, any partner organisations are deemed 'out of scope' for testing.


If you follow these guidelines when reporting an issue to us, we commit to:

  • Not pursue or support any legal action related to your research
  • Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission)
  • Recognize your contribution, if you are the first to report the issue and we make a code or configuration change based on the issue

How to report a security vulnerability

If you believe you have found a security vulnerability in one of our products or platforms, please use the details on the 'Contact Us' page to get in touch. Please include a summary of your disclosure and your contact details. We will then be in touch shortly.

Thanks!

We would like to thank the following individuals for their efforts:

  • Your name here?


