All IT systems can have bugs and weaknesses. Some of these can compromise the integrity, privacy, and availability of our services. Thus, it is of utter importance to manage these findings in a responsible way.
The following disclosure policy addresses these potential issues.
One of our main objectives is to maintain a constructive dialogue with you to discuss, confirm, and resolve any issues found.
Should you encounter such issues in context to and with our websites, products or services, please feel free to inform us using the following address: disclosure@amidiro.com.
Please provide us with sufficient technical information about your finding.
For instance:
- web server IP-address and name
- IP-address of exploring system
- the kind of vulnerability (i.e. code injection, RXSS, DOS, etc.)
- explanation, HTTP-Request or API-call to exploit the vulnerability
If you contact us concerning an issue we will do the following:
- We will send you a qualified feedback about the finding
- We will keep in touch with you until the issue is resolved
- We will work to resolve the issue as soon as possible and according to its severity
We ask you to respect the following:
- Inform us as soon as you encounter a finding
- Do not exploit the finding to dig deeper into our or others systems, to extract any data or to harm our or others systems or rights.
- Do not disclose you finding to the public before we resolved or disapproved it.
- Do not use physical force or social engineering nor any kind of DDOS or other measurements that potentially harm our or others rights.