Responsible Disclosure Policy
- Legal
- Security
As a provider of security services, we take security issues very seriously and recognize the importance of privacy, security, and community outreach. As such, we are committed to addressing and reporting security issues through a coordinated and constructive approach designed to drive the greatest protection for technology users. Whether you’re a user of our solutions, a software developer, or simply a security enthusiast — you’re an important part of this process.
Reporting security issues
If you believe you have discovered a vulnerability in one of our products or have a security incident to report, please fill out this contact form. If you feel the need, please use our PGP public key (789F 451C) to encrypt your communications with us.
Once we have received a vulnerability report, we take a series of steps to address the issue:
- ByteMethod Consulting requests the reporter keep any communication regarding the vulnerability confidential.
- ByteMethod Consulting investigates and verifies the vulnerability.
- ByteMethod Consulting addresses the vulnerability and releases an update or patch to the software. If for some reason this cannot be done quickly or at all, ByteMethod Consulting will provide information on recommended mitigations.
- ByteMethod Consulting publicly announces the vulnerability in the release notes of the update. ByteMethod Consulting may also issue additional public announcements, for example via social media, our blog, and media.
- Release notes (and blog posts when issued) include a reference to the person/people who reported the vulnerability, unless the reporter(s) would prefer to stay anonymous.
ByteMethod Consulting will endeavor to keep the reporter apprised of every step in this process as it occurs.
We greatly appreciate the efforts of security researchers an discoverers who share information on security issues with us, giving us a chance to improve our products and services, and better protect our customers. Thank you for working with us through the above process.
When properly notified of legitimate issues, we’ll do our best to acknowledge your report, assign resources to investigate the issue, and fix potential problems as quickly as possible.