Vulnerability disclosure program

Spekit: Vulnerability Disclosure Policy

‍

Thank you for taking interest in the security of Spekit, Inc.. We value our customers’ security, data, and services. To protect our digital ecosystem, we’ve created this page to allow security researchers worldwide to report any potential security issues they may have found.

‍

Our commitment to you:

• Maintain trust and confidentiality in our exchanges with researchers who report to the program.
• To treat everyone who contributes respectfully, we appreciate your contribution to keeping our customers and us safe and secure.
• To work with you to validate and remediate reported vulnerabilities
• To investigate and remediate issues in a manner consistent with protecting the safety and security of our cloud customers. Addressing a valid reported vulnerability will take time. This will vary based on the severity of the vulnerability and the affected systems.

Our ask of you:

• Trust. As we promise to maintain your trust and confidentiality, we ask that you do the same with us. We ask that you do not disclose any information regarding your submission’s details without express written permission from our team.
• Please provide as much information as possible in your submission. It is vital to provide clear reproduction steps regarding your finding so that we may validate the report promptly.
• Adhere to the out-of-scope section below.
• Please make sure to add your email address to the submission, so we can get in touch with you about any technical details as needed.

Out of scope:

• Testing the physical security of our offices, employees, equipment, etc.
• Conducting non-technical attacks such as social engineering or phishing attacks.
• DoS/DDoS or any other testing that would impact the operation of our systems.
• Accessing, downloading, or modifying data residing in an account that does not belong to you.
• Testing that would result in sending spam or other unsolicited messages.
• Testing third-party applications or services.
• Defacing any of our assets.

Below you will find the form where you can submit your finding. Please remember to include as much information clearly as possible to help facilitate validation. It is highly recommended that you provide your email address to ensure you can claim your submission and continue communication as needed.