Vulnerability Disclosure Program
GoSpotCheck, Inc. (“GSC”) is committed to operating a stable, scalable and secure platform for our clients. And while we make every effort to operate our applications and infrastructure in a secure manner, we appreciate the efforts of independent security researchers to identify security defects as well as any mitigation techniques. This program documents our expectations of the security research community and the steps we will take to address any vulnerability disclosed to us as part of this program.
Guidelines
GSC deals with security researchers who operate in good faith and who attempt to discover, test, and contribute to the remediation of known and unknown security vulnerabilities that exist as part of the GSC platform. Your participation in this program is in accordance with the following guidelines:
- You do no harm and do not exploit any vulnerability beyond the minimum amount of effort and testing required to a) confirm that a vulnerability exists and b) identify any potential mitigation techniques.
- You affirm that your research activities are limited exclusively to a) testing related to the detection of a vulnerability or security defect associated with GSC and its services, or b) sharing information related to a vulnerability or security defect for the purposes of remediation.
- You do not intentionally seek to obtain access to any content, communications or data associated with GSC or its customers except to the extent that the information is necessary to verify that a vulnerability exists.
- You do not export, retain, store, exfiltrate or hold for ransom any data discovered or derived from your security research.
- You do not compromise the security or any personally identifiable information associated with GSC or its customers.
- You do not disclose any details of the vulnerability, including the means or methods of the exploit and any data obtained, either publicly or to any other person or entity, even if affiliated with you, without express written authorization from GSC and its officers.
- You do not conduct denial of service testing.
- You comply with all applicable Federal, State and local laws in connection with your security research activities.
- You do not exploit any vulnerability, and have not exploited any vulnerability in the past, for the purpose of interrupting, disrupting, suspending, holding for ransom, or otherwise taking any action that would have an adverse impact upon, any website, platform, or software of GSC.
- You disclose accurate information regarding your identity sufficient for GSC to validate that you are a bona fide independent security researcher and to remit any payment to you in accordance with all applicable laws.