UniStudents P.C. Vulnerability Disclosure Policy
Introduction
UniStudents P.C. is committed to ensuring the safety and security of our services and the data of our users. We recognize the valuable role that security researchers play in identifying vulnerabilities to keep our users and systems safe. In line with this, we encourage responsible disclosure of any potential security vulnerabilities.
Reporting a Vulnerability
Researchers who discover security vulnerabilities in our system are encouraged to report them to our security team. All reports should be made in good faith and must include a detailed description of the vulnerability, including steps to reproduce it, and any potential impacts.
Guidelines for Responsible Disclosure
- Respect our Terms of Use: Please adhere to the prohibited conduct clause mentioned in our terms of use. All testing should be non-disruptive and should not compromise the integrity, availability, or confidentiality of our services and data.
- Privacy: Respect the privacy of other users. Do not access or modify their data without explicit permission.
- Safe Harbor: Researchers engaging in the security testing and vulnerability disclosure according to this policy will not be subjected to legal actions by UniStudents P.C., provided their conduct is in good faith and adheres to this policy and our terms of use.
- Communication: Vulnerabilities should be reported via our designated communication channels. Do not disclose the vulnerability to third parties or the public until we’ve resolved the issue.
Process
- Acknowledgment: We will acknowledge receipt of your vulnerability report and will provide an estimated time for a response.
- Verification: Our security team will verify the vulnerability.
- Mitigation: We will take appropriate measures to address the vulnerability.
- Disclosure: We believe in coordinated disclosure. We will decide upon the timing and nature of disclosure in collaboration with the reporting researcher.
Safe Harbor Statement
In alignment with our commitment to security and privacy, we pledge not to initiate legal action against researchers who discover and report security vulnerabilities in accordance with this policy and the prohibited conduct clause in our terms of use.
Contact
Please report all security vulnerabilities to [email protected].
Review and Amendments