Vulnerability Disclosure Policy
As a provider of security solutions, Appthority takes the security of our products and those we assess, interact with and connect to very seriously. As such, Appthority will quickly attempt to resolve any incident that may compromise the people and organizations we have made it our mission to protect. We also strive to provide helpful feedback to the security community and responsibly disclose discovered or potential issues.
How to Report a Potential Appthority Security Issue
If you believe you have found a vulnerability in an Appthority product or service, please contact firstname.lastname@example.org.
If your report contains sensitive data, please use our PGP key to encrypt communication between us:
How the Appthority Research Team Reports Security Issues it Finds
When the Appthority research team finds vulnerabilities in other vendors’ products, applications, or services, Appthority follows a disclosure policy that sets out a series of steps for notifying the relevant parties about the issue. According to that policy, Appthority will:
- Attempt to contact the vendor or app developer by email and/or telephone.
- Provide evidence and vulnerability details to the vendor, app developer, and/or app market that distributes the application.
- Allow at least thirty days after the initial attempt to contact vendors or app developers before making advisories available to the general public. We understand investigation, patches, etc. may take longer and will work with vendors or app developers to extend past thirty days if needed. Appthority also believes in “coordinated” vulnerability disclosures when possible.
- Keep all communication with the appropriate parties confidential until the end of the disclosure process.