This policy addresses the disclosure of vulnerabilities that "Ethical Hackers," also known as "White Hat Hackers," can identify in the "websites" owned by Softtek. If you identify vulnerabilities in our sites or applications, we appreciate your help by reporting it to us. Softtek’s cyber security team will validate and fix any vulnerabilities in accordance with our policies. Softtek reserves all its legal rights in the event of any non-compliance to the applicable laws and regulations.
If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized. We will work with you to understand and quickly resolve the issue, and Softtek will not recommend or pursue legal action related to your research. Should legal action be initiated by a third-party against you for activities that were conducted in accordance with this policy, we will make this authorization known.
Bug Bounty Program
Softtek does not currently have a bug bounty program in place.
Rules for Finding Security Vulnerabilities
In the event you detect a valid security vulnerability in compliance with this VDP, Softtek shall acknowledge receipt of your vulnerability report and, if necessary, work with you to understand and validate the issue. Softtek will review the submission to determine if the finding is valid and has not been previously reported. Publicly disclosing the submission details of any identified or alleged vulnerability without expressed written consent from Softtek will deem the submission as non-compliant with this VDP.
Please report your findings by sending an email to firstname.lastname@example.org and include the site(s)/applications affected.
If you would like us to contact you, please specify the best way to do so, either by phone or by email. Softtek will not share your information with anyone outside of the cybersecurity personnel who will review your report.
Last modification: nov 2022.