Vulnerability Disclosure Policy

Introduction

GlobalReach Technology is committed to ensuring the security of our products and services. We recognize the importance of collaboration with security researchers and external parties to identify and address potential vulnerabilities in our systems. This Vulnerability Disclosure Policy outlines the guidelines for reporting security vulnerabilities discovered in GlobalReach Technology products, services, or infrastructure.

Scope

This policy applies to all GlobalReach Technology products, services, and systems.

Guidelines for Reporting Vulnerabilities

GlobalReach Technology encourages responsible disclosure of security vulnerabilities. If you believe you have discovered a security vulnerability, please report it to us promptly following these guidelines:

  1. Confidentiality: Please provide sufficient details of the vulnerability to allow our security team to reproduce and validate the issue. However, do not disclose the vulnerability publicly until we have had an opportunity to address it.
  2. Communication: Report vulnerabilities to GlobalReach Technology by sending an email to security@globalreachtech.com. Please include a detailed description of the vulnerability, along with any relevant supporting documentation or proof of concept.
  3. Scope: Ensure that your report is specific to GlobalReach Technology products, services, or infrastructure.
  4. Responsible Disclosure: Allow GlobalReach Technology a reasonable amount of time to investigate and address the reported vulnerability before disclosing it publicly. We strive to acknowledge receipt of your report within 3 business days and will provide regular updates on the progress of our investigation.
  5. Legal Compliance: Your research and testing activities should comply with all applicable laws and regulations.

What to Include in Your Report

When reporting a vulnerability, please include the following information:

  • Description of the vulnerability
  • Steps to reproduce the vulnerability
  • Proof of concept or demonstration, if applicable
  • Any additional information that may help our security team understand and address the vulnerability

GlobalReach Technology Commitment

GlobalReach Technology is committed to addressing reported vulnerabilities promptly and taking appropriate actions to mitigate potential risks to our customers and systems. We will:

  • Acknowledge receipt of your report within 3 business days
  • Provide regular updates on the status of our investigation
  • Work to address the vulnerability in a timely manner
  • Credit researchers who report valid vulnerabilities, subject to their preference for anonymity

Responsible Disclosure Timeline

GlobalReach Technology aims to resolve reported vulnerabilities within a reasonable timeframe. The timeline for resolving vulnerabilities may vary depending on the complexity and severity of the issue. However, we strive to:

  • Acknowledge receipt of your report within 3 business days
  • Provide regular updates on the progress of our investigation
  • Work to address the vulnerability and implement appropriate mitigations as quickly as possible

Contact Information

To report a security vulnerability or for questions regarding this policy, please contact GlobalReach Technology Security at security@globalreachtech.com.

Policy Updates

GlobalReach Technology reserves the right to update this Vulnerability Disclosure Policy at any time. Updates will be posted on the GlobalReach Technology website.

Acknowledgment

GlobalReach Technology acknowledges the valuable contributions of security researchers and external parties who report vulnerabilities and collaborate with us to enhance the security of our products and services.

Effective Date

This Vulnerability Disclosure Policy is effective as of 27th April 2024