abutton
Close menu
Accessibility Menu
Bigger text
bigger text icon
Text Spacing
Spacing icon
Saturation
saturation icon
Cursor
big cursor icon
Dyslexia Friendly
dyslexia icon
Reset

Vulnerability Disclosure Policy

Policy

This policy addresses the disclosure of vulnerabilities that "Ethical Hackers," also known as "White Hat Hackers," can identify in the "websites" owned by Softtek. If you identify vulnerabilities in our sites or applications, we appreciate your help by reporting it to us. Softtek’s cyber security team will validate and fix any vulnerabilities in accordance with our policies. Softtek reserves all its legal rights in the event of any non-compliance to the applicable laws and regulations.

Commitment

If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized. We will work with you to understand and quickly resolve the issue, and Softtek will not recommend or pursue legal action related to your research. Should legal action be initiated by a third-party against you for activities that were conducted in accordance with this policy, we will make this authorization known.

 

Bug Bounty Program

Softtek does not currently have a bug bounty program in place.

 

Rules for Finding Security Vulnerabilities

  1. Only use techniques pertinent to finding or demonstrating vulnerabilities in our websites.
  2. Do not use any weaknesses you discover for purposes other than your own specific research.
  3. Avoid social engineering to gain access to a system.
  4. Do not install backdoors, including to demonstrate the vulnerability of a system. Backdoors will weaken the security of the system.
  5. Do not modify or delete system information. If you need to copy information for your research, only copy what than you need.
  6. Do not tamper with the system in any way.
  7. Infiltrate a system only if necessary. Do not share access with other people.
  8. Avoid use brute force techniques, such as repeated password entry, to gain access to systems.
  9. Avoid denial of service (DoS) attacks to gain access.
  10. Report vulnerabilities only to Softtek


Reporting Vulnerabilities

In the event you detect a valid security vulnerability in compliance with this VDP, Softtek shall acknowledge receipt of your vulnerability report and, if necessary, work with you to understand and validate the issue. Softtek will review the submission to determine if the finding is valid and has not been previously reported. Publicly disclosing the submission details of any identified or alleged vulnerability without expressed written consent from Softtek will deem the submission as non-compliant with this VDP.

Please report your findings by sending an email to security@softtek.com and include the site(s)/applications affected.

If you would like us to contact you, please specify the best way to do so, either by phone or by email. Softtek will not share your information with anyone outside of the cybersecurity personnel who will review your report.

Last modification: nov 2022.