Vulnerability disclosure program
================================

Last updated |today|

.. toctree::
   :maxdepth: 1
   :titlesonly:

.. _vulnerability disclosure program:

About the program
-----------------

Logicly is committed to the security of the applications and services we offer our customers. We recognise the value of security professionals and the role they play in identifying and mitigating these risks.

If you have discovered a vulnerability that affects the confidentiality, integrity and availability of Logicly's applications and services, please contact us as soon as possible according to the instructions provided in this policy.

Any security risk identified is considered sensitive and confidential information as it could adversely impact our customers and services. Due to the impact this may have, the report and your findings must only be shared with Logicly. Please do not disclose or discuss any information publicly as this is prohibited and may result in legal action.

What's not permitted
--------------------

- Unauthorised access to systems, accounts or information.
- Social engineering (e.g. phishing, smishing).
- Clickjacking.
- Denial of Service (DoS or DDoS) attacks.
- Physical attacks and testing (e.g. office access, property belonging to Logicly and its employees).
- Introducing malware or any malicious software that could disrupt systems and services.
- Any attempts to modify, destroy or exfiltrate data.
- Utilising automated vulnerability assessment tools and scan reports.
- Vulnerabilities that are not directly exploitable, including, but not limited to:

  - Misconfigured or missing DNS records such as SPF or DMARC.
  - Weak or insecure SSL ciphers or certificates.
  - Disclosure of known public files or directories.

Report vulnerabilities
----------------------

To report a potential security vulnerability relating to a Logicly system or service, email the details to vdp@logicly.com.au.

When submitting the report, please provide the following:

- Your name and contact information.
- Date, time and time zone the vulnerability was identified.
- Affected Logicly system or service.
- Detailed description of the vulnerability.
- Clear steps to reproduce the vulnerability.
- If possible, recommendations to rectify the vulnerability.

Report review
-------------

When we receive the reported vulnerability, we will:

- Respond to you via email within five business days, confirming that we have received the report.
- Review the report to verify the vulnerability and determine if it is within scope.
- Keep you informed of our progress.
- Seek further clarification from you to verify the vulnerability if required.
- Advise you when the vulnerability has been rectified.

Recognition
-----------

Logicly will not financially compensate you for any reported vulnerabilities; however, we do value your time and effort. With your permission, your name will be published below to recognise the security professionals who have contributed to our vulnerability disclosure program.

.. Security professionals who have disclosed vulnerabilities
.. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++