Responsible Disclosure Policy

Our Responsible Disclosure Policy

Scope

  • The e2e-assure website at www.e2e-assure.com

Guidelines

We ask that you:

  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data.
  • Perform research only within the scope (our website, www.e2e-assure.com)
  • Use the identified communication channels to report vulnerability information to us (email: security@e2e-assure.com).
  • Keep information about any discovered vulnerabilities confidential between yourself and e2e-assure until we have successfully resolved the issue.

Please do not:

  • Run automated scans against our systems.
  • Attempt any social engineering attacks (e.g. phishing, vishing).
  • Test any systems or applications not listed in the ‘Scope’ section.
  • Submit UI/UX bugs, or spelling mistakes.
  • Perform any DoS or DDoS testing.
  • Send any personally identifiable information.

If you follow these guidelines when reporting an issue to us, we commit to:

  • Not to pursue or support any legal action related to your research.
  • Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission).
  • Recognise your contribution, if you are the first to report the issue and we make a code or configuration change based on the issue.
  • We reserve the right to credit the disclosure made.

Reporting Security Vulnerabilities

We take cyber security vulnerabilities very seriously. As a responsible company, we regularly work with parties to identify and disclose any security vulnerabilities that we find. Our aim is to protect users and ensure that any potential security risks are addressed promptly.

To achieve this goal, we have established a clear process for reporting security vulnerabilities. If we identify a security vulnerability, we will report it immediately, providing a link to our verification page to ensure the accuracy of our findings.

We will then make contact with the relevant parties to responsibly disclose the vulnerability. Our aim is to work collaboratively with the parties involved to ensure that the issue is resolved as quickly as possible. However, we understand that not all parties will respond or take appropriate action.

If we have not received a response within 60 calendar days, we will proceed with responsibly disclosing the vulnerability. We believe that transparency is important in protecting users, and publishing information about security vulnerabilities is a vital part of this process.

In cases where parties do not intend to fix the disclosed issues, we will publish the vulnerability to encourage remediation. This approach helps to ensure that any potential security risks are addressed promptly and transparently.

At e2e-assure, we believe that security is everyone’s responsibility. By regularly reporting security vulnerabilities and working with relevant parties, we are committed to keeping our users safe and secure.

To report security issues, contact security@e2e-assure.com