Vulnerability Disclosure Policy

1. Introduction

NetHunt CRM is committed to ensuring data security by protecting information from unwarranted disclosure. This policy is introduced to give security researchers guidelines for conducting vulnerability discovery activity and to inform on how to report discovered vulnerabilities. This policy describes what systems and types of activities are covered under this policy, how to send vulnerability reports, and how long we ask to wait before publicly announcing discovered vulnerabilities.

2. Guidelines

We request that you:


3. Authorization

Security research conducted in accordance with this policy is considered authorized. We will work with you to understand and resolve the issue quickly, and NetHunt CRM will not recommend or pursue legal action related to your research.

4. Scope

This policy applies to the following systems and services:



Any service not expressly listed above, such as any connected services, are excluded from scope and are not authorized for testing. Additionally, vulnerabilities found in third party solutions NetHunt CRM integrates with fall outside of this policy’s scope and should be reported directly to the solution vendor according to their disclosure policy (if any). If you aren’t sure whether a system or endpoint is in scope or not, contact us at security@nethunt.com before starting your research.

5. Types of testing

The following test types are not authorized:


6. Reporting a vulnerability

Please email security@nethunt.com to report any security vulnerabilities. We will acknowledge receipt of your vulnerability report the next business day and communicate with you further about our progress. Reports may be submitted anonymously.

7. Desirable information

In order to process and react to a vulnerability report, we recommend to include the following information:



If possible, please provide your report in English.

8. Our commitment

If you choose to provide your contact information we commit to coordinating with you as openly and as quickly as possible. We will acknowledge within 3 business days that your report has been received.

To the best of our abilities we will keep you informed about vulnerability confirmation and remediation. We are opened to a dialogue for a discussion of issues.



NetHunt Inc.
651 N Broad St, Suite 206
Middletown, DE 19709
USA

Last update: April 7, 2020

We use cookies to enable more personalized website experience and offer you more relevant information.
Read our Privacy Policy to learn more. By continuing to use this site, you are agreeing to our use of cookies.

Contact Us

Thank you for reaching out!

We will contact you shortly regarding your inquiry.