Vulnerability Disclosure Policy

At KnowledgeOwl, we take the security and integrity of our customers' data seriously. As such, we welcome input from security researchers so that, should any vulnerabilities in KnowledgeOwl arise, they can be addressed quickly and effectively. However, to ensure that our customers are not impacted during any vulnerability discovery activities, please follow the terms below before testing for any vulnerabilities.

KnowledgeOwl pledges not to initiate any legal action against researchers who follow the terms below.

Testing For a Vulnerability

Please restrict any testing to the following sites:

  • app.knowledgeowl.com 
  • support.knowledgeowl.com
  • www.knowledgeowl.com

Testing KnowledgeOwl customer sites is not allowed without first obtaining permission from both KnowledgeOwl and the Customer.

If a researcher requires an account for testing, please feel free to sign up for a trial of KnowledgeOwl. Should the trial period expire before testing is complete, please contact us and we will be happy to extend the trial period for security research activities.

Restrictions

Generally, please do not perform any activities that will negatively impact users of KnowledgeOwl. Additionally, the following actions are specifically restricted: 

  • Modification of data owned by other users 

  • Deletion or corruption of data owned by other users

  • Denial of service attacks

  • Social engineering attacks including phishing

Please do not violate any laws or agreements in order to locate vulnerabilities.

Reporting a Vulnerability

Please report any details of the discovered vulnerability to the following email address: security@knowledgeowl.com

The more details that the researcher is able to provide, the faster we will be able to respond to any vulnerabilities.

Vulnerability Acceptance and Remediation

KnowledgeOwl will make an effort to address every vulnerability report that is submitted to us. Following submission, we will attempt to reproduce the finding to ensure that it is valid and impactful and not a duplicate or previously accepted risk. Should the vulnerability be valid and require remediation, KnowledgeOwl will internally discuss what actions need to be taken and how the vulnerability will be remediated. Our goal is to remediate any accepted vulnerabilities within 90 days of the report date, after which the vulnerability may be publicly disclosed by the researcher if so desired. We will endeavor to keep in contact with the security researcher during this process, provide updates on the projected remediation timeline, and inform the researcher when the vulnerability has been remediated.

As a thank you for the security researcher’s efforts and assistance, we would be more than happy to add their name to our Hall of Fame below.

Hall of Fame

KnowledgeOwl would like to thank the following security researchers for their contributions of vulnerability reports and ensuring that KnowledgeOwl can continue to protect the data of its users.

Name                    Links
Nayanjyoti Roy          https://www.facebook.com/nrh4ck3r
Jayson Vasquez Rubio    https://facebook.com/100008995930508



