Responsible Disclosure Policy

Updated – October 10, 2022

Print

 

RESPONSIBLE DISCLOSURE POLICY

 

As Juphy, we give the utmost importance to the security of our services and platforms containing our users’ data. We encourage those who have discovered potential security vulnerabilities in the Juphy Platform to disclose it to us in a responsible manner through our ‘bug report’ program.

We will work with security researchers to validate and respond to vulnerabilities that are reported to us. If you discover a security vulnerability and report in accordance with this Responsible Disclosure Policy, we will not take legal action or terminate your account access. Herewith, Juphy reserves all of its legal rights in the event of any noncompliance to the applicable laws, regulations and our Terms of Service and Applicable Use Policy.

Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.

  1. Testing for Security Vulnerabilities

You may only test against an account for which you are the account owner, or an agent authorized by the account owner to conduct such testing.

  1. Juphy Prohibits the Following Types of Research:

  • Accessing, or attempting to access, data that does not belong to you

  • Using social engineering techniques to gain access to a system

  • Altering or deleting any information in the system or application

  • Executing, or attempting to execute, a “denial of service attack”

  • Using brute force techniques, such as repeatedly entering passwords, to gain access to systems

  • Sending, or attempting to send, unsolicited or unauthorized email, spam or other forms of unsolicited messages

  • Testing third party websites, applications or services that integrate with Juphy

  • Knowingly posting, transmitting, uploading, linking to, sending or storing any malware, viruses or similar harmful software

  • Research conducted by minors, individuals on sanctions lists or individuals in countries on sanctions lists

  1. Reporting Potential Vulnerabilities

If you believe you have found a security issue/vulnerability, please share the details of any suspected vulnerabilities with Juphy IT & Security Team. 

  • If you are a Client or an Authorized User, please contact us through the Community Board within your Account Dashboard.

  • If you are an independent researcher/analyst, please contact us at support@juphy.com.

While investigating the matter, only use methods or techniques that are compliant with the law and necessary practices in order to find or demonstrate the weaknesses, without limiting the generality of the foregoing.

Please do not publicly announce the vulnerability but get in touch with us and give us the time to examine the issue. The safety of our users’ information and assets is our top priority. Therefore, we encourage anyone who has discovered a vulnerability in our systems to act instantly and help us improve and strengthen the safety of our sites and systems.

In reporting any suspected vulnerabilities, please include the following information:

  • Exploit details with adequate information to allow us to reproduce your steps

  • A description of the issue and where it is located along with screenshots

  • Your email address

  1. No Compensation

Juphy does not compensate individuals or organizations for identifying potential or confirmed vulnerabilities. Requests for monetary compensation will be deemed in violation of this Responsible Disclosure Policy.

  1. Juphy’s Commitment

To all security researchers who follow this Responsible Disclosure Policy, Juphy undertakes to:

  • Acknowledge receipt of your vulnerability report,

  • Work with you to understand and validate the issue,

  • Address the risk as deemed appropriate by the Juphy team,

  • Work together to prevent cyber-crime.

  • Publicly acknowledge your responsible disclosure, if you wish

Juphy will review the submission to determine if the finding is valid and has not been previously reported. Publicly disclosing the submission details of any identified or alleged vulnerability without expressed written consent from Juphy will deem the submission as non-compliant with this Responsible Disclosure Policy. Juphy reserves the right to change the content of this policy at any time, or to terminate the policy.

  1. Many Thanks!

We appreciate your help by disclosing it to us in a responsible manner.

Have a question?

Not sure exactly what we’re looking for or just want clarification? We’d be happy to chat with you and clear things up for you. Anytime!
Email us
support@juphy.com