Security Vulnerability Reporting Policy
Security Vulnerability Reporting Policy
Security Vulnerability Reporting Policy
Última actualización: Septiembre 2023
Security Vulnerability Reporting Policy
Triton Digital believes the security research community can provide a valuable service to society, ensuring that companies are taking an active and meaningful role in connection with the privacy and security of information retained on its customers. We value the good faith efforts put forth by this community and endeavor to work collaboratively with security researchers to confirm, replicate, and take appropriate action in relation to legitimate reported vulnerabilities. We encourage security researchers to notify us of any legitimate security vulnerabilities following our vulnerability disclosure process outlined below.
If you have identified a legitimate security vulnerability and would like to report it to us, please send an email to secops@tritondigital.com. Please be sure to include your name, contact information, and company name (if applicable). Please do not include any vulnerability information in the initial email. For inquiries that we deem legitimate, we will respond to your email with an encrypted session to ensure the security and privacy of information sent and received. Any subsequent correspondence will be secured through encrypted channels and may include vulnerability details.
Responsible Disclosure Guidelines
We will investigate legitimate reports of security vulnerabilities and make an effort to resolve them as soon as reasonably possible. To show good faith and encourage responsible reporting, and as long as you comply with our reasonable requests, we do not intend to take legal action against you or enlist the assistance of law enforcement to investigate you if you follow our guidelines for responsible disclosure noted below:
- Provide a detailed account of the vulnerability, including information necessary to replicate and confirm the vulnerability
- Do not alter, view or retrieve data that does not belong to you (e.g. exploit a vulnerability to examine the issue further)
- Avoid violating the privacy rights of others, destroying data, and interrupting or degrading our services (e.g. DoS)
- Give us a reasonable amount of time to correct the vulnerability before making any information public
