AFFILIATES Responsible Disclosure Program | e2e-assure

> Responsible Disclosure Programme..|


We ask that all researchers:

  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing
  • Perform research only within the scope set out below
  • Use the identified communication channels to report vulnerability information to us
  • Keep information about any discovered vulnerabilities confidential between yourself and e2e-assure until we have successfully resolved the issue

Please do not:

  • Run automated scans against our systems
  • Perform any physical testing (e.g. open doors, tailgating)
  • Attempt any social engineering attacks (e.g. phishing, vishing)
  • Test any systems or applications not listed in the 'Scope' section
  • Submit UI/UX bugs, or spelling mistakes
  • Perform any DoS or DDoS testing
  • Send any personally identifiable information


Please note, any partner organisations are deemed 'out of scope' for testing.

If you follow these guidelines when reporting an issue to us, we commit to:

  • Not pursue or support any legal action related to your research
  • Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission)
  • Recognize your contribution, if you are the first to report the issue and we make a code or configuration change based on the issue
  • We reserve the right to credit the disclosure made

How to report a security vulnerability

If you believe you have found a security vulnerability in one of our products or platforms please contact us at security(@) Please include a summary of your disclosure, and contact details for you. We will then be in touch shortly.


We would like to thank the following individuals for their efforts:

  • Your name here?

The other side of the same coin: Security Issue Reporting


  • GCIA
  • GREM
  • GCFE
  • GCIH
  • GSEC
  • GAWN
  • GCTI
  • GCDA
  • GCFA
  • GMON
  • GXPN
  • GPWN
  • CLAS
  • BSI
  • CESG
  • CES Plus


  • HM Government
  • Cyber Security Challenge
  • Tech UK
  • Crown Commercial Supplier
  • IOD
  • BCS


  • HEX
  • Risual
  • UKCloud
  • Surevine
  • Surevine
  • Surevine