Clarus R+D Responsible Disclosure Policy
Data security is a top priority for Clarus R+D, and Clarus R+D believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability, please notify us. We will work with you to resolve the issue promptly.
- If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at email@example.com. We will acknowledge your email within five business days.
- Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within ten business days of disclosure.
- Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Clarus R+D service. Please only interact with accounts you own or for which you have explicit permission from the account holder.
While researching, we’d like you to refrain from:
- Distributed Denial of Service (DDoS)
- Social engineering or phishing of Clarus R+D employees or contractors
- Any attacks against Clarus R+D’s physical property or data centers
- Thank you for helping to keep Clarus R+D and our users safe.
We may revise these guidelines from time to time. The most current version of the guidelines will be available at https://clarusrd.com/disclosure.
Clarus R+D is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at firstname.lastname@example.org.
Employees who violate this policy may face disciplinary consequences in proportion to their violation. Clarus R+D management will determine how serious an employee’s offense is and take the appropriate action.
It is the CTO’s responsibility to see this policy is enforced.
Last updated: 11/06/2020