Vulnerability Disclosure Policy

(Las Updated: November 2022)

PDF Version

Sharktech is committed to the protection of its website (“Site”) and services from security vulnerabilities. We monitor our network and Site for these vulnerabilities, but we accept assistance from our customers or other security researchers who discover a vulnerability in our website or services. We request that these parties abide by the following Disclosure Policy (“Policy”) in reporting discovered vulnerabilities to increase security for all parties.

1. Report a discovered security vulnerability as soon as possible to Sharktech at bugreport@sharktech.net

  • Identify the suspected vulnerability.
  • Suggest steps to enable us to reproduce the issue.
  • Provide your E-mail address and secure mechanism to contact you.
  • Provide your name (and/or colleagues) if you would like to be recognized.

We will acknowledge receipt of your vulnerability report the next business day and strive to send you regular updates about our progress.

2. Once You have reported the discovered security vulnerability

  • Do not disclose a bug or vulnerability on public notice boards, mailing lists or other public forums.
  • Allow Sharktech an opportunity to correct a vulnerability within a reasonable time frame before publicly disclosing the identified issue, to ensure that Sharktech has developed and thoroughly tested a solution.
  • Do not utilize an exploit to view data without authorization, or compromise the confidentiality or availability.
  • Do not perform an attack that would impact the reliability / availability of services. DDoS/Spam attacks are not allowed.
  • Do not use scanners or automated tools to find vulnerabilities. They can have unintended consequences or impact.
  • Make a good faith effort to avoid privacy violations as well as destruction, interruption or segregation of our services.
  • Do not modify or destroy data that does not belong to you.
  • Never attempt non-technical attacks, such as social engineering, phishing or physical attacks against our employees or infrastructure.

Sharktech reserves all legal rights to pursue recourse should you not follow this policy or should it discover your participation in causing the vulnerability.

Because Sharktech appreciates your assistance it may, at its discretion, provide a reward for your report of vulnerabilities in accordance with this policy.