Vulnerability Disclosure
Introduction
At Pismo, cybersecurity is core to our values. We want to hear from you if you have information about potential security vulnerabilities in Pismo’s products, services, websites, or applications. We have established this Vulnerability Disclosure Program to facilitate our exchange of information about potential vulnerabilities, establish rules for vulnerability testing, and provide a Safe Harbor for individuals who follow these rules.Expectations
When you report vulnerabilities to us, you can expect us to:- Extend a safe harbour to you for vulnerability reports submitted in accordance with our program rules.
- Work with you to understand and validate your report, including a timely initial response to the submission.
- Work to remediate discovered vulnerabilities in a reasonable manner.
Program rules
Please note that this Program should not be construed as encouragement or permission to hack, penetrate, or otherwise attempt to gain unauthorised access to Pismo applications, systems, or data. To avoid any confusion between good-faith reporting and a malicious attack, we ask that you:- Report any suspected or confirmed vulnerability you’ve discovered promptly
- Do not violate the privacy of others, disrupt our systems, destroy data, and/or harm the user experience
- Do not conduct social engineering (e.g. phishing, vishing, smishing)
- If a vulnerability provides unintended access to data: cease testing and submit a report immediately (e.g., if you encounter any user data during testing, such as Personal Information, credit card data, or proprietary information) – you are not authorised to access any Pismo data
- Provide us with a reasonable amount of time to remediate vulnerabilities.
- Keep the details of any discovered vulnerabilities confidential.
- Do not initiate any unauthorised financial transaction.
- Only interact with accounts you own or with explicit permission from the account holder.
- Do not violate any national, state, or local laws or regulations.