Responsible Disclosure
At Surevine we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.
Please do the following:
- E-mail your findings to security@surevine.com
- Encrypt your findings using our PGP key to prevent critical information from falling into the wrong hands.
- Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data.
- Do not reveal the problem to others until it has been resolved.
- Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.
-----BEGIN PGP PUBLIC KEY BLOCK----- Comment: GPGTools - http://gpgtools.org mQINBFJNmzkBEACxluKaYSAyrODTE3ce5AtPZ/HkWMPsERK5JT1rb23q2SL1tewc PLranLEp/jZuA29G3oWkCulk3dIAVvC0mp/9M2IxvWpfNdJr1yYTNL7cZsZFYYx1 C7OeDBU9tGL2KFT12eUGLI4J6W9OhdvQ3NIMQwJLBLf4tQusHzq7noC5xhMSQjHp sByOgfYYr8IbkW6mlCWogFrKOGIZnpR6qRBDglgiVJXJbaA9JVP+Kw+pgxsMS39n 7NjrSjnTux+6BgXTZDxhdtxchEiji1jc7wy1BCweDC5Y5w7oCuA1vReYWi/tyS50 I1ac+63zK3xbRxdRa2b6vrKY9GQeyoOb2oI660huyMJEW9vDcZpQy7tHRYFFkaX8 MydH7muBqaU8PhiuJ2qAjw9lo9wN+fWMAZDhgpm7semcRhyZkpopctqxz7zK7WEh /5z7ffm72O744WGM5pB3T5TuoQbjUSZzloOFvO61Mqa9tkQxm5Ng4GfG04QGjfBk gCF4Cnf4Ge93ruUqWfdlhuRSQsuApefVQoPpCzLO/Ihv7hyHudv/RwR7SqfP6fLu 0oFY5kN48Ip3Jh+G/QFrrYq7q29nUxfG7EXwK4MP3FbD/+tdq3FMiGtcXAaf1ISv gOp08p6dK+aZ2etK9TAyqNZQFWXCwvNB3v3y7tPPy+ENe4o57pacEtv9ywARAQAB tEJTdXJldmluZSBTZWN1cml0eSAoU2VjdXJlIFNvY2lhbCBTb2Z0d2FyZSkgPHNl Y3VyaXR5QHN1cmV2aW5lLmNvbT6JAlQEEwEKAD4CGy8FCwkIBwMFFQoJCAsFFgID AQACHgECF4AWIQR0S8w3QQ4bWesLXNZnBwcj8eKhxAUCWmCHuQUJC9alAAAKCRBn Bwcj8eKhxFe9D/wJaVTaQNP5dUF7vaDQxyxrQO8Sjc2SkCOuNkz5QP1XTxqznKOA b1rT0GKfiDktC7BQq9vimsNNbftiXWJGSFN9fEVwq0pwiO04g6A+OJeqZUVm/a7a 41QHghtEuBARFaRONHXQx/JVYTq4rmigtCz5PCEu3daQqZmqalJ/WJCBrksIx8wh RYNavfP6L2mie3fl+ZOxmNB3eFPLInXMlyoEFvjzM10J0g485blV+/mb6mX7400U t2R2qE/VVT34x+YCQKB9OLqMHiTdXuHvIAOpbvw1mnaOM8GU/bPsciCTufMOdq6V 70xBEXfJZCqXDLf9aPTHXBkadpmgbopXKAUPVaHC2d7sbRcjRBthDpVXO6YcsF3o 4ZXvhz0Jpq3vA3fptzzMMRvEfzB80pH7lanl1YxmNekxtG6TNvXPJOsvywIrNgVc uvXS9gmh99z/YX0PM+jHvDOFcRpK35/H7chayiUelpiAim4yoC3rHPrrEBMS1LRV AsQRNddPSWYD+fTjtjnwStRDIzlCPMsebB1DWCAXI3euyZOq2/BqsShixOJ9gc21 LsE6ROCbLOEpmlSzW4EmBhtXolhiAAIX9bfD/T2qeXDAkpaJQhgIDIhoNu1u1KlK rZr9dlSAxNBi7jSvEVhSoZ5BI2YyYbLg8o/K9FgvPcSm8B4wzCE7RIGMp7kCDQRS TZs5ARAAs/Ne/S0RwwH0xKOFHmIjap05Fxr0bRagdcEa3+Z7fkp7Yz8b5ok/nLPJ nTXvylRtstJAZRWVKmTh+MisIbJcvd5mMzRduAfptUy5nVcbAZ0GReYbeCwyHm6Z Ny4/Zq6Z2w+DXoM4pZJc6+76v4fKZv3WKEymmLk9sZeX/+53PTYjxB4LVBRoH92O FDty5w/RGjoYcthx1ZpOLHklB0ELoiQkv2EtmSIVUpGEXWoJcs2AQ2Y7BeHHlWqd VZCCmO849dKPEz8Ywf8REMWBBMUqK0e2BZUYr+tbRxn0OMiEIUrEACIc6Q7SAIWf n2fXNmzcMkPOAz4/KLSrltS51BvoIIcxbLUbMHcYtbR/wot+705A1iiXyfWM114S QFIT0InmNgK9gkCuAwymPmveed7SoPWz23KJh+QPDnOX0toBIDULjmaJLnTAJK+L t4u1KL1gWD3/dolvx0sdJPeLuXoXkUBydffwrF5jLeKJj4chM+9+Gz6mHapMLTlx v1SOyJuKn5SwtN0Tp3CdkZE+8dRED+5Mh60BL/FjHOrCRhvZ0fx6UpGkwbZFI8kn w7yVsMT3K40o+NXrNdjycONeb7rLJSTEXWZCHMV8Mld7vJZppIe+fZhYt/EMtiGD FB3ki6ctO1msp+TDPuMMBeYdZitAxzk1Gkpz1nHilQOSBFZIlbMAEQEAAYkERAQY AQoADwUCUk2bOQIbLgUJB4YfgAIpCRBnBwcj8eKhxMFdIAQZAQoABgUCUk2bOQAK CRDxL31RLOy1xb0rD/9I8W/HV4awHlO56XSryywNvqnbkt4dnWiUN5byMCMgmhmG wyZQitYlnGY2cFLiTXs6EVHJ22pkttWDusybkmMuL6Imnu51muijQcTVPO06gx4x fKQBGEBhF5dEJ7UeQePHtbKZd0P2P2Cs5DFz4DL52XNxHOK4zDwvb1aPKJH7p6tK OUiroADF/QjXKr0r2CdX7ihgsCKtOyrpUgUdgFOAte9xNJfvNRag99L3t/cqv1Db K96nvWm7ALQcHmpuoJbkk6NxIifJSzp7cHHZkkO9vwTDI721iEefgLM/uXeff83x aoGN6LKgVu2ZLLSJt0XVVo+wcszt4V3K18eY/fsTkgGOF+RVOA12O2t5A77+sDej YJ9lvGjXxxb4GuxWpMawJnI2bkXsdJA4PmiVmhbxg25G0h96nhrgefkpTRPVml8/ CW6ZMqcCsuh3htQOETtTz5rm7EtjqvO4blgAqnTE3vDjab6315lYWJn8CyrQ1ynT HpsexEpmLPMZv4Iky4CYVc6QdiFfUyLXtbXRnTCuh+cSse9S9FgJQiT3/71GxtSc nsBv27+eD7E/5GdLCFd3c9WtHYIov+KpVaiTH0IkJ5VFJutflDnbymdRP+iuyBY+ XfiQCwzvZzZA4qzdtZC8KdvECRLCl1UXMTT8Ex8q3TPS+UdPzy7YflWAmL0vCs/j D/95nC+XtBc2rNVjOF7Lknt8OFIYXsZVZ89EPJjHdy2W3xTaii6F1Hhkq6RgxDEA t0SdcI9bDfHEK0qbdpeJTpRswyVSLusTubGbyYNSBGsiKdVtlQp24YEH61Jb9EPI Cd1c5+lvsSFL0I/SE7R/qeVBH/iZ3g6H3Wy9A88BgXYb5iLLlfQEWox/JyF0WABx ZDUgh2gJ4Zf1MekQU6PrpwX2h0y++l7c2g+ChDrcUvlcftCELll9mX/pMfnDDjpj eLqitnKxJK30QmA9lycELNCE6DY7mhE0dOjN9zBX+WHaNtLKRYUbQ7nSGn73uS/i aJgoliosd6ZcCLZLboz9Ugxv83liaRMWa3YO0Syo2XiAqK6yVgf7C3CZujefkBE+ f/GuZVAb/oiEvj4XXJIpyDhsdxlVtdz/ci+9+VW/MrTMkfzkPQw35PYUzHt0F5rB eDM0WvhS4PpBAd8UOvCs5yBeyPPMqmbWS8A/alQfF7I6CuEByvzCY/BJIerPNsES r5zdUBZPaYdER1bhzr2zOx3MJkk7P5wwUQ6JZnnBme3ihmoYKCtpRmrzazEhdKtS s2Z4ze50k/ZbYr7P2aXFDEd75ZaziZB7ZHUZKigoJwixc0BjMcvq/LNIqQ8Bbjor dN7Zb9fMTiP0dlugqQhXDXZQyV2AOfQK2Al8F+5p35famw== =6ZZS -----END PGP PUBLIC KEY BLOCK-----
What we promise:
- We will respond to your report within 10 UK working days with our evaluation of the report and an expected resolution date.
- If you have followed the instructions above, we will not take any legal action against you in regard to the report.
- We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.
- We will keep you informed of the progress towards resolving the problem.
- In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise).
- We strive to resolve all problems as quickly as possible, and we would like to play an active role in the publication of the problem after it is resolved.
("based on Creative Commons licensed disclosure policy by Floor Terra" http://responsibledisclosure.nl/en/ )