Vulnerability Disclosure Policy

As a provider of security solutions, Appthority takes the security of our products and those we assess, interact with and connect to very seriously. As such, Appthority will quickly attempt to resolve any incident that may compromise the people and organizations we have made it our mission to protect. We also strive to provide helpful feedback to the security community and responsible disclose discovered or potential issues.

How to Report a Potential Appthority Security Issue

If you believe you have found a vulnerability in an Appthority product or service, please contact security@appthority.com.

If it contains sensitive data please use our PGP key to encrypt communication between us:
https://assets.appthority.com/Appthority_Security_Team_pub.asc

How the Appthority Research Team Reports Security Issues it Finds

When the Appthority research team finds serious vulnerabilities in other vendor’s products, applications, or services, Appthority follows a disclosure policy which takes a series of steps to notify the relevant parties about the issue.

According to that policy, Appthority will:

  • Attempt to contact the vendor or app developer by email and/or telephone.  
  • Provide evidence and vulnerability details to the vendor, app developer, and/or app market that distributes the application.
  • Allow at least seven days after initial attempts to contact vendor or app developers before making advisories available to the general public. We understand investigation, patches, etc. may take longer and will work with vendors or app developers to extend past seven days if needed. Appthority also believes in “coordinated” vulnerability disclosures when possible.
  • Keep all communication with the appropriate parties confidential until the end of the disclosure process.