# Our email address for reporting suspected security issues Contact: security@chadis.com # Our PGP key is available here. Please encrypt all communications regarding # suspected security issues or vulnerabilities. Encryption: https://www.chadis.com/security.pgp.txt # Disclosure Statement # CHADIS strives to be as transparent as possible when it comes to security # issues. We ask that researchers and others practice "responsible" or # "coordinated" disclosure of any security issues with CHADIS in order to # protect our clients and their data. # # If you wish to investigate potential security issues with a CHADIS product, # please contact us at our contact address above to request whatever level # of access you require in order to make your investigations in the # appropriate environment (e.g. a testing environment). # # If you submit a report of a potential security issue to CHADIS, you # should expect to receive a confirmation of the report within 24 hours. If # you do not receive a receipt confirmation, please reach out to us again. # # After notifying you of our receipt of your report, we will perform an # initial investigation of the report and reply within 24 hours with # an opinion about the report. The "opinion" will likely fall into one of # several categories: (a) not considered a bug (where the reported behavior # is expected), (b) not a bug in CHADIS (such as a bug in another component # such as a web browser), or (c) a confirmed security issue. # # In the event that CHADIS confirms a security issue, we will likely ask you # to delay any publication of the reported issue until CHADIS has had a # reasonable chance to address the issue and notify our customers # (if appropriate). # # Once addressed, you are free to publish the results of your investigations # and CHADIS will include an acknowledgement of your report on our # acknowledgements page. For certain types of security issues, we may ask that # you do not publish complete details of the vulnerability. Any such requests # will be made by CHADIS specifically in writing and we will provide a # justification for any such requests.