Responsible Disclosure Policy

Introduction

At Fireline Communications, we take the security of our services and customer data very seriously. We appreciate the efforts of security researchers and members of the wider community in helping us identify and address potential vulnerabilities. This Responsible Disclosure Policy outlines our commitment to addressing reported security issues promptly and appropriately.

Guidelines

If you believe you have discovered a security vulnerability in any of our services or products, we encourage you to disclose it to us in a responsible manner. We request that you follow these guidelines when reporting vulnerabilities to us:

  1. Scope: This policy covers security vulnerabilities found in Fireline Communications services, products, applications, and infrastructure.
  2. Confidentiality: Please do not disclose the vulnerability to the public or to any third party before it has been resolved and agreed upon with Fireline Communications
  3. Responsible Testing: Do not attempt to exploit the vulnerability beyond what is necessary to prove its existence.
  4. Provide Details: Provide detailed information about the vulnerability, including a description, potential impact, and steps to reproduce it. Screenshots, videos, and proof-of-concept code are highly encouraged and appreciated.
  5. Legal Conduct: Do not engage in any activity that could potentially harm Fireline Communications, its customers, or its users.

Reporting a Vulnerability

To report a security vulnerability, please send an email to security@firelinecommunications.com with the subject “Security Vulnerability Report.” Please include the following information in your report:

  • Your name and affiliation (if applicable).
  • A detailed description of the vulnerability.
  • Steps to reproduce the vulnerability.
  • Any proof-of-concept code, screenshots, or videos that demonstrate the vulnerability.
  • Your contact information for further communication.

Our Commitment

  • We will acknowledge receipt of your report within 2 business days.
  • Our security team will investigate the issue and, if necessary, work with you to better understand the details.
  • We will make all reasonable efforts to resolve the issue promptly and will keep you informed of the progress.
  • We will publicly acknowledge your responsible disclosure once the issue has been resolved, if you desire so.

Exclusions

The following issues are considered out of scope for our responsible disclosure program:

  • Social engineering attacks.
  • Physical attacks against Fireline Communications employees, offices, or data centers.
  • Issues that have already been reported by another researcher.
  • Vulnerabilities that are not within the scope of our services and products.

We appreciate your help in keeping Fireline Communications and our customers safe. Thank you for your cooperation and for making the internet a more secure place.

Sincerely,

Fireline Communications LLC.

 

 

 

 

Version 1.1
10/14/2023 10:47