Safetrust is committed to physical and digital security. We welcome feedback and notifications from customers, partners, end users, industry experts and researchers.
This page is designed to provide a destination for reporting security issues with our products or our technologies. Once you make a report, we will work quickly to identify, analyze, and respond to known vulnerabilities and provide feedback on the reported vulnerability.
Please email firstname.lastname@example.org if you wish to make an urgent notification or enquiry relating to the security of our products, technology or services.
Safetrust’s Security Vulnerability Policy
Safetrust defines a security vulnerability as a weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability.
Safetrust is committed to implementing standard industry practices in relation to vulnerability reporting. We ask all vulnerability reporters to do the same by allowing us the opportunity to remediate reported vulnerabilities and for us to notify our affected customers and users before you disclose or share the vulnerability or methods to exploit with any third party.
In accordance with standard industry practice for responsible vulnerability reporting, Safetust agrees that security research performed in good-faith should be provided safe-harbor. Therefore, Safetrust will not initiate or recommend any law enforcement or civil lawsuits related to activities conducted in good faith and compliance with all applicable laws, and in a manner consistent with the expectations of this policy.
- Do not access Safetrust offices, data centres or user accounts.
- Make good faith efforts to avoid harm to Safetrust, our customers and our end users. Specifically do not perform phishing or social engineering attacks on our team members and do not spam or intentionally cause denial of service attacks on our web servers.
- Do not perform penetration testing without written approval from the Safetrust VP of Security, Privacy and Compliance.
- Comply with the applicable laws and regulations.
- Do not disrupt or compromise data that is not your own.
- Do not further exploit a confirmed vulnerability.
- If a vulnerability permits unintended access to data, limit the amount of data you access to the minimum required to demonstrate the vulnerability.
- Delete any data obtained when the vulnerability is accepted.
Bug Bounty Program
Safetrust does not currently have an active Bug Bounty Program but we will provide modest payment and credit where a new vulnerability is proven.
How to Report a Vulnerability
Safetrust welcomes reports of suspected security vulnerabilities from independent researchers, industry organizations, vendors, customers, and other sources concerned with product or network security.
Please report a vulnerability by emailing email@example.com and provide the information listed below:
- An overview of the vulnerability;
- An accurate statement of the environment or the product type and version;
- Details on how to recreate the vulnerability;
- Proof of concept code (where applicable);
- Statement on whether the vulnerability has been reported to MITRE;
- Your name (or alias) and information on how we can contact you.