Vulnerability Disclosure Policy

REPORTING VULNERABILITIES

We welcome responsible disclosure of vulnerabilities in accordance with this policy. If you discover vulnerabilities on the following Digital Barriers websites, please report them to us using the designated channel. (Additional domains may be included in the future.)

Reports can be submitted anonymously. If you choose to provide your contact information, we will acknowledge your report promptly.

Please submit your vulnerability disclosure via our support site at;

https://support.edgevis.com using the chat mechanism.

SCOPE OF REPORTING

Your assistance in identifying and analyzing vulnerabilities is valuable to us. Please include the following information to aid Digital Barriers in addressing the vulnerability effectively:

  • Description of the vulnerability;
  • Potential impact;
  • Technical details for reproducing the vulnerability;
  • Proof of concept code, if applicable; and
  • Any other pertinent information.

Whilst you are not required to provide personally identifying information (PII), we request a means of contact for acknowledgment and potential follow-up.

PERMISSIBLE AND PROHIBITED ACTIVITIES

This policy supports vulnerability testing that respects the confidentiality, integrity, and availability of Digital Barriers systems and services. Authorized activities include responsible vulnerability testing.

Activities that are not authorized include:

  • Network denial of service (DoS or DDoS) tests;
  • Physical testing (e.g., office access, tailgating);
  • Social engineering (e.g., phishing, vishing); and
  • Unauthorized disclosure of confidential information.

EXPECTATIONS AND PROCESS

Upon receipt of your report, we will acknowledge its receipt. We will strive to confirm the existence of the vulnerability and communicate the steps taken during remediation. Some information might not be shared due to security or legal reasons. We do not offer monetary rewards, and you understand that we won’t compensate for vulnerability reports.

In certain cases, reports might be shared with relevant entities for investigation or assistance, as authorized or required by law.

ACKNOWLEDGMENT AND RECOGNITION

We value the security community’s efforts in making the digital space safer. As a token of our appreciation for valid and valuable reports, contributors may be acknowledged in a “Hall of Fame” on our website or through other public channels. We reserve the right to withhold recognition if circumstances dictate.

SAFE HARBOR

Digital Barriers believes in fostering an open and positive relationship with the security community. Activities that adhere to this policy will be viewed as authorized conduct. Digital Barriers will not initiate any legal action against such activities. In the event of a third-party legal claim, Digital Barriers will confirm that the activities were in line with this policy.

RESPONSE TIME

We respect the time and effort taken to identify and report vulnerabilities. We strive to acknowledge reports within 48 hours of receipt. Comprehensive feedback, including our findings and potential next steps, will typically be provided within a week.

DISCLOSURE TIMELINE

Our standard vulnerability resolution timeline is as follows:

  • Initial acknowledgment: Within 48 hours.
  • Vulnerability verification: 5-7 business days.
  • Remediation & patching: Depending on the severity and complexity.
  • Public disclosure: Case-by-case basis, post remediation.

FEEDBACK LOOP

Maintaining open communication is crucial. Once you’ve submitted a report, we’ll keep you updated on our progress in addressing the issue. We may also seek additional details or clarification if required.

EXTERNAL RELATIONS

Should your report affect third-party vendors or other entities in our ecosystem, we will coordinate with them as necessary to ensure the vulnerability is addressed comprehensively, while maintaining confidentiality.

EXCLUSIONS

Please note that certain types of vulnerabilities might be considered out of scope for our program:

  • Version disclosure.
  • Descriptive error messages without demonstrated impact.
  • Publicly known vulnerabilities with a known reason for being unpatched.

RESPONSIBILITY AND CONSENT

By participating in this program, you acknowledge the potential risks and affirm that your testing and reporting activities will not violate user privacy, destroy data, or disrupt Digital Barriers’ services. You consent to handle sensitive information responsibly and in line with this policy.

LEGAL CONSIDERATIONS

You must conduct your security research activities and participation in this program in compliance with all applicable federal, state, and local laws. Unauthorized activities might lead to criminal and/or civil liabilities.

LICENSING AND USE

By submitting a vulnerability report, you affirm that the report and attachments do not infringe upon third-party intellectual property rights. You grant Digital Barriers a non-exclusive, royalty-free, worldwide, perpetual license to use, reproduce, create derivative works, and publish the report and its attachments.

GOOD FAITH EFFORT

We intend to support security research activities that align with this policy and exhibit a good-faith effort to contribute positively.

POLICY MODIFICATIONS

Digital Barriers retains the right to modify the terms of this policy or terminate the policy at any time.