Vulnerability disclosure policy
We take the security of our systems seriously. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users.
1. ZALTER SECURITY + RESEARCHER COLLABORATION
We believe community researchers play an integral role in maintaining Zalter Identity as a secure service and helping to protect our customers and their data. Our aim is to do what's best for our users, customers, partners, and the general health of the Internet.
We appreciate all security submissions from the research community and strive to respond in a convenient manner. We will investigate legitimate reports and do our best to quickly fix any identified issues. Our investigation panel consists of members from the Zalter Core Team.
Please submit your report to our team as soon as you believe you have found a security vulnerability. All submissions must meet the terms of this Vulnerability Disclosure Policy (“policy”).
2. SCOPE
Anything not explicitly defined as In-Scope is Out-of-Scope by default.
In-Scope items:
- core.api.zalter.com
- identity.api.zalter.com
Out-of-Scope items:
- zalter.com
- developer.zalter.com
- dashboard.zalter.com
3. RESTRICTIONS
- You must comply with all applicable laws and must not compromise or disrupt any data that is not your own.
- No automated scanning
- No DoS
4. EVALUATION AND EXPECTATIONS
If you believe you’ve found a security vulnerability in one of our products or platforms, please submit the report directly to us at security@zalter.com, preferably via PGP. We ask that you write clear and concise reports to enable us to make a determination. Please make sure to include your methodology, step-by-step, and only submit after you verify your bug. Please use the following template:
Report Date:
<July 20, 2022>
Discovered by:
<Name - company, Inc>
Description:
<Fully describe the issue and impact.>
Step-by-Step Proof of Concept:
<Step-by-step technical details to reproduce the issue. Please provide as much detail as possible to allow us to quickly triage and respond.>
Recommendations:
<This is optional, but we appreciate feedback from researchers.>
Timeline:
<This is optional, but it’s helpful for researchers to keep a timeline of communications so that all parties are in sync.>
Full Write-Up:
<This is optional, but we recognize that some vulnerabilities require a longer explanation, details, or other background. We reserve this section for such items.>