heading

Standard Terms - Responsible Disclosure

Our terms here are a variation of Bugcrowd's Standard Disclosure Terms.

Standard Terms - Responsible Disclosure

Our Process

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Provide us with a reasonable amount of time to resolve the issue before making any disclosures to the public or third parties. Please note that we operate Deskpro in the cloud but we also ship to on-premise customers who operate the software on their own private infrastructure. So we may request a little extra time to coordinate with on-premise customers - we want everyone to be safe.

Limitations

  • We expect you to operate in good faith to avoid privacy violations, destruction of data, and interruption or degradation of our service.
  • Limit your tests to your own account or on accounts for which you have been given explicit permission by the account owner.
  • Should you ever have access to data that is not your own, do not remove the data from our premises.

Rules

  • Testing should be performed only on systems listed under the "Targets" section. Any other system is considered Out Of Scope.
  • You should always create your own account for testing purposes.
  • Actions that affect the integrity/availability of our service is prohibited. If you notice a performance degradation due to your tests, please stop immediately and reach out to us.
  • Please include a description of the impact of any vulnerability. That means you should tell us how the vulnerability impacts the system or data security in a meaningful way.
  • You are encouraged to submit a video or screenshot Proof-of-Concept with your submission. These files should not be stored publicly (e.g. YouTube or Imgur etc). If you need to submit a big file, please contact us and we will make special arrangements if necessary.
  • Once you submit a vulnerability, do not disclose or share the vulnerability without permission from our team. In some cases, we may need to coordinate disclosures.