Responsible Disclosure Policy - Surevine

Responsible Disclosure

At Surevine we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please do the following:

E-mail your findings to security@surevine.com
Encrypt your findings using our PGP key to prevent critical information from falling into the wrong hands.
Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data.
Do not reveal the problem to others until it has been resolved.
Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - http://gpgtools.org

mQINBFJNmzkBEACxluKaYSAyrODTE3ce5AtPZ/HkWMPsERK5JT1rb23q2SL1tewc
PLranLEp/jZuA29G3oWkCulk3dIAVvC0mp/9M2IxvWpfNdJr1yYTNL7cZsZFYYx1
C7OeDBU9tGL2KFT12eUGLI4J6W9OhdvQ3NIMQwJLBLf4tQusHzq7noC5xhMSQjHp
sByOgfYYr8IbkW6mlCWogFrKOGIZnpR6qRBDglgiVJXJbaA9JVP+Kw+pgxsMS39n
7NjrSjnTux+6BgXTZDxhdtxchEiji1jc7wy1BCweDC5Y5w7oCuA1vReYWi/tyS50
I1ac+63zK3xbRxdRa2b6vrKY9GQeyoOb2oI660huyMJEW9vDcZpQy7tHRYFFkaX8
MydH7muBqaU8PhiuJ2qAjw9lo9wN+fWMAZDhgpm7semcRhyZkpopctqxz7zK7WEh
/5z7ffm72O744WGM5pB3T5TuoQbjUSZzloOFvO61Mqa9tkQxm5Ng4GfG04QGjfBk
gCF4Cnf4Ge93ruUqWfdlhuRSQsuApefVQoPpCzLO/Ihv7hyHudv/RwR7SqfP6fLu
0oFY5kN48Ip3Jh+G/QFrrYq7q29nUxfG7EXwK4MP3FbD/+tdq3FMiGtcXAaf1ISv
gOp08p6dK+aZ2etK9TAyqNZQFWXCwvNB3v3y7tPPy+ENe4o57pacEtv9ywARAQAB
tEJTdXJldmluZSBTZWN1cml0eSAoU2VjdXJlIFNvY2lhbCBTb2Z0d2FyZSkgPHNl
Y3VyaXR5QHN1cmV2aW5lLmNvbT6JAlQEEwEKAD4CGy8FCwkIBwMFFQoJCAsFFgID
AQACHgECF4AWIQR0S8w3QQ4bWesLXNZnBwcj8eKhxAUCWmCHuQUJC9alAAAKCRBn
Bwcj8eKhxFe9D/wJaVTaQNP5dUF7vaDQxyxrQO8Sjc2SkCOuNkz5QP1XTxqznKOA
b1rT0GKfiDktC7BQq9vimsNNbftiXWJGSFN9fEVwq0pwiO04g6A+OJeqZUVm/a7a
41QHghtEuBARFaRONHXQx/JVYTq4rmigtCz5PCEu3daQqZmqalJ/WJCBrksIx8wh
RYNavfP6L2mie3fl+ZOxmNB3eFPLInXMlyoEFvjzM10J0g485blV+/mb6mX7400U
t2R2qE/VVT34x+YCQKB9OLqMHiTdXuHvIAOpbvw1mnaOM8GU/bPsciCTufMOdq6V
70xBEXfJZCqXDLf9aPTHXBkadpmgbopXKAUPVaHC2d7sbRcjRBthDpVXO6YcsF3o
4ZXvhz0Jpq3vA3fptzzMMRvEfzB80pH7lanl1YxmNekxtG6TNvXPJOsvywIrNgVc
uvXS9gmh99z/YX0PM+jHvDOFcRpK35/H7chayiUelpiAim4yoC3rHPrrEBMS1LRV
AsQRNddPSWYD+fTjtjnwStRDIzlCPMsebB1DWCAXI3euyZOq2/BqsShixOJ9gc21
LsE6ROCbLOEpmlSzW4EmBhtXolhiAAIX9bfD/T2qeXDAkpaJQhgIDIhoNu1u1KlK
rZr9dlSAxNBi7jSvEVhSoZ5BI2YyYbLg8o/K9FgvPcSm8B4wzCE7RIGMp7kCDQRS
TZs5ARAAs/Ne/S0RwwH0xKOFHmIjap05Fxr0bRagdcEa3+Z7fkp7Yz8b5ok/nLPJ
nTXvylRtstJAZRWVKmTh+MisIbJcvd5mMzRduAfptUy5nVcbAZ0GReYbeCwyHm6Z
Ny4/Zq6Z2w+DXoM4pZJc6+76v4fKZv3WKEymmLk9sZeX/+53PTYjxB4LVBRoH92O
FDty5w/RGjoYcthx1ZpOLHklB0ELoiQkv2EtmSIVUpGEXWoJcs2AQ2Y7BeHHlWqd
VZCCmO849dKPEz8Ywf8REMWBBMUqK0e2BZUYr+tbRxn0OMiEIUrEACIc6Q7SAIWf
n2fXNmzcMkPOAz4/KLSrltS51BvoIIcxbLUbMHcYtbR/wot+705A1iiXyfWM114S
QFIT0InmNgK9gkCuAwymPmveed7SoPWz23KJh+QPDnOX0toBIDULjmaJLnTAJK+L
t4u1KL1gWD3/dolvx0sdJPeLuXoXkUBydffwrF5jLeKJj4chM+9+Gz6mHapMLTlx
v1SOyJuKn5SwtN0Tp3CdkZE+8dRED+5Mh60BL/FjHOrCRhvZ0fx6UpGkwbZFI8kn
w7yVsMT3K40o+NXrNdjycONeb7rLJSTEXWZCHMV8Mld7vJZppIe+fZhYt/EMtiGD
FB3ki6ctO1msp+TDPuMMBeYdZitAxzk1Gkpz1nHilQOSBFZIlbMAEQEAAYkERAQY
AQoADwUCUk2bOQIbLgUJB4YfgAIpCRBnBwcj8eKhxMFdIAQZAQoABgUCUk2bOQAK
CRDxL31RLOy1xb0rD/9I8W/HV4awHlO56XSryywNvqnbkt4dnWiUN5byMCMgmhmG
wyZQitYlnGY2cFLiTXs6EVHJ22pkttWDusybkmMuL6Imnu51muijQcTVPO06gx4x
fKQBGEBhF5dEJ7UeQePHtbKZd0P2P2Cs5DFz4DL52XNxHOK4zDwvb1aPKJH7p6tK
OUiroADF/QjXKr0r2CdX7ihgsCKtOyrpUgUdgFOAte9xNJfvNRag99L3t/cqv1Db
K96nvWm7ALQcHmpuoJbkk6NxIifJSzp7cHHZkkO9vwTDI721iEefgLM/uXeff83x
aoGN6LKgVu2ZLLSJt0XVVo+wcszt4V3K18eY/fsTkgGOF+RVOA12O2t5A77+sDej
YJ9lvGjXxxb4GuxWpMawJnI2bkXsdJA4PmiVmhbxg25G0h96nhrgefkpTRPVml8/
CW6ZMqcCsuh3htQOETtTz5rm7EtjqvO4blgAqnTE3vDjab6315lYWJn8CyrQ1ynT
HpsexEpmLPMZv4Iky4CYVc6QdiFfUyLXtbXRnTCuh+cSse9S9FgJQiT3/71GxtSc
nsBv27+eD7E/5GdLCFd3c9WtHYIov+KpVaiTH0IkJ5VFJutflDnbymdRP+iuyBY+
XfiQCwzvZzZA4qzdtZC8KdvECRLCl1UXMTT8Ex8q3TPS+UdPzy7YflWAmL0vCs/j
D/95nC+XtBc2rNVjOF7Lknt8OFIYXsZVZ89EPJjHdy2W3xTaii6F1Hhkq6RgxDEA
t0SdcI9bDfHEK0qbdpeJTpRswyVSLusTubGbyYNSBGsiKdVtlQp24YEH61Jb9EPI
Cd1c5+lvsSFL0I/SE7R/qeVBH/iZ3g6H3Wy9A88BgXYb5iLLlfQEWox/JyF0WABx
ZDUgh2gJ4Zf1MekQU6PrpwX2h0y++l7c2g+ChDrcUvlcftCELll9mX/pMfnDDjpj
eLqitnKxJK30QmA9lycELNCE6DY7mhE0dOjN9zBX+WHaNtLKRYUbQ7nSGn73uS/i
aJgoliosd6ZcCLZLboz9Ugxv83liaRMWa3YO0Syo2XiAqK6yVgf7C3CZujefkBE+
f/GuZVAb/oiEvj4XXJIpyDhsdxlVtdz/ci+9+VW/MrTMkfzkPQw35PYUzHt0F5rB
eDM0WvhS4PpBAd8UOvCs5yBeyPPMqmbWS8A/alQfF7I6CuEByvzCY/BJIerPNsES
r5zdUBZPaYdER1bhzr2zOx3MJkk7P5wwUQ6JZnnBme3ihmoYKCtpRmrzazEhdKtS
s2Z4ze50k/ZbYr7P2aXFDEd75ZaziZB7ZHUZKigoJwixc0BjMcvq/LNIqQ8Bbjor
dN7Zb9fMTiP0dlugqQhXDXZQyV2AOfQK2Al8F+5p35famw==
=6ZZS
-----END PGP PUBLIC KEY BLOCK-----

What we promise:

We will respond to your report within 10 UK working days with our evaluation of the report and an expected resolution date.
If you have followed the instructions above, we will not take any legal action against you in regard to the report.
We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.
We will keep you informed of the progress towards resolving the problem.
In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise).
We strive to resolve all problems as quickly as possible, and we would like to play an active role in the publication of the problem after it is resolved.

("based on Creative Commons licensed disclosure policy by Floor Terra" http://responsibledisclosure.nl/en/ )