Vulnerability Disclosure Policy
At KnowledgeOwl, we take the security and integrity of our customer’s data seriously. As such, we welcome input from security researchers to ensure that, should any vulnerabilities in KnowledgeOwl arise, that they can be addressed quickly and effectively. However, to ensure that our customers are not impacted during any vulnerability discovery activities, please follow the terms below before testing for any vulnerabilities.
KnowledgeOwl pledges to not initiate any legal action against researchers that follow the terms below.
Testing For a Vulnerability
Please restrict any testing to the following sites:
Testing KnowledgeOwl customer sites is not allowed without first obtaining permission from both KnowledgeOwl and the Customer.
If a researcher requires an account for testing, please feel free to sign up for a trial of KnowledgeOwl. Should the trial period expire before testing is complete, please contact us and we will be happy to extend the trial period for security research activities.
Generally, please do not perform any activities that will negatively impact users of KnowledgeOwl. Additionally, the following actions are specifically restricted:
Modification of data owned by other users
Deletion or corruption of data owned by other users
Denial of service attacks
Social engineering attacks including phishing
Please do not violate any laws or agreements in order to locate vulnerabilities.
Reporting a Vulnerability
Please report any details of the discovered vulnerability to the following email address: email@example.com
The more details that the researcher is able to provide, the faster we will be able to respond to any vulnerabilities.
Vulnerability Acceptance and Remediation
KnowledgeOwl will make an effort to address every vulnerability report that is submitted to us. Following submission, we will attempt to reproduce the finding to ensure that it is valid and impactful and not a duplicate or previously accepted risk. Should the vulnerability be valid and require remediation, KnowledgeOwl will internally discuss what actions need to be taken and how the vulnerability will be remediated. Our goal is to remediate any accepted vulnerabilities within 90 days of the report date, after which the vulnerability may be publicly disclosed by the researcher if so desired. We will endeavor to keep in contact with the security researcher during this process and provide updates on projected remediation timeline and will inform the researcher of vulnerability remediation.
As a thank you for the security researcher’s efforts and assistance, we would be more than happy to add their name to our Hall of Fame below.
Hall of Fame
KnowledgeOwl would like to thank the following security researchers for their contributions of vulnerability reports and ensuring that KnowledgeOwl can continue to protect the data of its users.
|Jayson Vasquez Rubio||https://facebook.com/100008995930508|