Vulnerability Disclosure Policy

Policy

This is the policy that Softtek has defined for the disclosure of vulnerabilities that "Ethical Hackers", also known as "White Hat Hackers", can identify in the websites belonging to Softtek. If you identify vulnerabilities in our sites or applications, we appreciate your help in disclosing them to us in a responsible manner. Softtek’s cyber security team will validate and fix the vulnerabilities that you identify, in accordance with our relevant policies. Softtek reserves all its legal rights in the event of any non-compliance with the applicable laws and regulations.

Commitment

If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized. We will work with you to understand and resolve the issue quickly, and Softtek will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.

 

Bug Bounty Program

Softtek doesn’t have a bug bounty program in place.

 

Rules for Finding Security Vulnerabilities

  1. Only use techniques that are necessary to find or demonstrate vulnerabilities in our websites.
  2. Do not use any weaknesses you discover for purposes other than your own specific research.
  3. Do not use social engineering to gain access to a system.
  4. Do not install backdoors, not even to demonstrate the vulnerability of a system. Backdoors will weaken the security of the system.
  5. Do not modify or delete system information. If you need to copy information for your research, never copy more than you need.
  6. Do not tamper with the system in any way.
  7. Infiltrate a system only if necessary. If you manage to infiltrate a system, do not share access with other people.
  8. Do not use brute force techniques, such as repeated password entry, to gain access to systems.
  9. Do not use denial of service (DoS) attacks to gain access.
  10. Report vulnerabilities only to Softtek.


Reporting Vulnerabilities

If you identify a valid security vulnerability in compliance with this VDP, Softtek shall acknowledge receipt of your vulnerability report and, if necessary, work with you to understand and validate the issue. Softtek will review the submission to determine if the finding is valid and has not been previously reported. Publicly disclosing the submission details of any identified or alleged vulnerability without express written consent from Softtek will render the submission non-compliant with this VDP.

Please report your findings by sending an email to security@softtek.com, and include the site(s)/application(s) affected.

If you want us to contact you, include your preferred contact method, either phone or email. Softtek will not share your information with anyone outside of the cybersecurity personnel who will review your report.

Last modification: Nov 2022.