This is the policy that Softtek has defined for the disclosure of vulnerabilities that "Ethical Hackers", also known as "White Hat Hackers", can identify in the "websites" belonging to Softtek. If you identify vulnerabilities in our sites or applications, we appreciate your help by disclosing it to us in a responsible manner. Softtek’s cyber security team will validate and fix vulnerabilities that you designated in accordance with our relevant policies. Softtek reserves all its legal rights in the event of any non-compliance to the applicable laws and regulations.
If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized. We will work with you to understand and resolve the issue quickly, and Softtek will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.
Bug Bounty Program
Softtek doesn’t have a bug bounty program in place.
Rules for Finding Security Vulnerabilities
If you identify a valid security vulnerability in compliance with this VDP, Softtek shall acknowledge receipt of your vulnerability report and, if necessary, work with you to understand and validate the issue, Softtek will review the submission to determine if the finding is valid and has not been previously reported. Publicly disclosing the submission details of any identified or alleged vulnerability without expressed written consent from Softtek will deem the submission as non-compliant with this VDP.
We will appreciate you report your findings by sending an email to email@example.com and include the site(s)/applications affected.
If you want us to contact you, include the way to do it, either by phone or by email. Softtek will not share your information with anyone outside of the cybersecurity personnel who will review your report.
Last modification: nov 2022.