Vulnerability Disclosure
Security is critical to how Addresscloud operates.
We welcome the responsible disclosure of security vulnerabilities and appreciate the role security researchers play in helping us protect our customers, systems, and services.
Scope
This policy applies to vulnerabilities identified in systems, applications, or services owned and operated by Addresscloud.
Third party services or providers not controlled by Addresscloud are outside the scope of this policy.
Reporting a Vulnerability
If you believe you have identified a security vulnerability, please report it to: vulnerability@addresscloud.com
To help us investigate efficiently, please include where possible:
-
a description of the issue
-
steps to reproduce the vulnerability
-
affected systems, applications, or endpoints
-
supporting information such as screenshots or logs
-
the potential impact of the issue
Please avoid sharing sensitive personal data unless absolutely necessary.
Our Commitment
When a report is submitted in good faith, Addresscloud will:
-
acknowledge receipt promptly
-
investigate and validate the issue
-
work to remediate confirmed vulnerabilities in a timely manner
-
treat reports responsibly and confidentially where appropriate
Responsible Disclosure Guidelines
We ask that researchers:
- act responsibly and ethically
-
avoid accessing, modifying, or retaining data that is not their own
-
do not exploit vulnerabilities beyond what is necessary to demonstrate them
-
do not disrupt or degrade services or systems
-
avoid social engineering, phishing, or denial of service activity
-
keep findings confidential until the issue has been resolved by Addresscloud
Good Faith Research
Addresscloud supports responsible security research conducted in good faith and in accordance with this policy.