Vulnerability Reporting Policy
Security researchers seeking information on how to report security issues to EMP Trust should review our responsible disclosure policy.
EMP Trust Vulnerability Reporting Policy
Keeping our customers’ data secure is our number-one priority, and we encourage responsible reporting of any vulnerabilities that may be found in our site or application.
EMP Trust is committed to working with the security community to verify and respond to any potential vulnerabilities that are reported to us. The EMP Trust security team acknowledges the valuable role that independent security researchers play in Internet security.
Additionally, EMP Trust pledges not to initiate legal action against security researchers for penetrating or attempting to penetrate our systems as long as they adhere to the conditions below.
Testing for Security Vulnerabilities
Conduct all vulnerability testing against Trial or Developer Edition organizations (instances) of our online services to minimize the risk to our customers’ data.
Reporting a Potential Security Vulnerability
- Privately share details of the suspected vulnerability with EMP Trust by sending an email to the security team
- Provide full details of the suspected vulnerability so the EMP Trust security team may validate and reproduce the issue
EMP Trust Does Not Permit the Following Types of Security Research
- Causing, or attempting to cause, a Denial of Service (DoS) condition
- Accessing, or attempting to access, data or information that does not belong to you
- Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
The EMP Trust Security Team Commitment
To all security researchers who follow this EMP Trust Vulnerability Reporting Policy, the EMP Trust security team commits to the following:
- To respond in a timely manner, acknowledging receipt of your report
- To provide an estimated time frame for addressing the vulnerability
- To notify the reporting individual when the vulnerability has been fixed
No Compensation
EMP Trust does not compensate people for reporting a security vulnerability, and any requests for such compensation will be considered a violation of the conditions above. In such an event, EMP Trust reserves all of its legal right