Responsible Disclosure Statement
AxiomSL is committed to the safety and security of its systems and services and to the integrity of our data. We recognize the valuable role of the security research community and we welcome reports from researchers, both of potential vulnerabilities in our systems and of confidential data from or relating to our services that may be accessible by unauthorized persons.
AxiomSL will not initiate legal action against anyone who makes a report in compliance with this policy.
A security vulnerability is a weakness in the defenses of our services that may compromise the safety of our systems. Security researchers and others who become aware of potential vulnerabilities should make a report using the submission instructions below.
We encourage anyone who believes they have discovered a potential vulnerability, or who has become aware of unauthorized access to confidential AxiomSL data (including customer data), to inform us immediately to help protect our customers and to improve and strengthen the confidentiality, availability and integrity of our systems.
We promise to:
- Acknowledge receipt of reports in a timely manner
- Provide an estimated time frame for addressing a vulnerability report
- Notify you once the vulnerability has been fixed
AxiomSL does not offer a bug bounty program or compensation for disclosure.
- We will promptly investigate all reports. If your report relates to a potential vulnerability, it should contain details sufficient for us to reproduce the vulnerability.
- We require a reasonable amount of time to remediate the situation before information about the issue is made known to the public.
- Do not engage in unauthorized data access, deletion, modification or corruption.
- Do not cause service disruptions while testing the vulnerability that you discovered.
- Prohibited research activities include denial of service, spamming, social engineering (including phishing), physical attempts against AxiomSL property or data centers, and other activities that may cause damage to AxiomSL’s services or systems, or to our or our customers’ data, including activities that impact service availability, such as the use of vulnerability scanning tools.
Reporting Potential Vulnerabilities
Reports should include the following information:
- Your name and contact information
- Your organization (if applicable)
- The AxiomSL services that may be affected
- A detailed description of the issue that you’ve discovered
- Supporting technical details, including descriptions or examples of exploit/attack code, packet captures, and steps to reproduce the issue
- Any known information about live exploits
- Your disclosure plans, if any
- Your desire for public recognition
If AxiomSL Information Security determines that a reported issue is valid, we will engage in efforts to establish controls, remediate as needed, and, as required by law or as otherwise necessary due to the risk and impact of the matter, inform those who we determine may have been affected by this issue.