Namirial is continually adapting to the changing cybersecurity landscape and to stay ahead threats to our systems and applications. However, keeping our customer and employee information safe is not achieved by technology alone, it takes alert employees, customers and partners, who know how to recognize and report issues. For this reason, we allow our customers and partners to submit vulnerabilities and/or security events they may discover on any public-facing website or application owned, operated or controlled by Namirial. When performing any actions relating to your vulnerability submission, Namirial requires you act in accordance with the following guidelines. Engaging in any activities that are inconsistent with applicable laws or this program may subject you to criminal and/or civil liabilities.
To remain in compliance with this program, you must not:
- Violate privacy;
- Negatively impact the user experience;
- Destroy or manipulate data;
- Use exploits;
- Exfiltrate data under any circumstances, establish command line access and/or persistence, or “pivot” to other systems;
- Once you’ve established a vulnerability exists or encountered personally identifiable, financial, proprietary information, or trade secrets you must stop your test and notify Namirial immediately.
Do not perform any of the following actions:
- Destruction, alteration, disclosure, or access denial of Namirial or customer data;
- Causing or attempting to cause harm against Namirial, Namirial employees, affiliates, or customers;
- Denial of service testing;
- Social engineering (e.g. phishing) or any other non-technical vulnerability testing;
- Intentionally accessing any data or information being stored or transmitted by Namirial with exception to what is absolutely necessary to validate the existence of the vulnerability;
- Exfiltration of data; customer, financial, intellectual property, personally identifiable or otherwise;
- Public disclosure of the vulnerability without written consent from Namirial.
Intentional compromise of sensitive or confidential data, intellectual property, or financial interests of Namirial, its third parties, or personnel. To report a security vulnerability and/or any security event impacting Namirial contact us at firstname.lastname@example.org. Please encrypt the communication with this GPG public key