At Sqills, the security of our systems is our top priority. We take all necessary steps to protect our S3 Passenger SaaS suite for our customers. However, regardless of how much effort we put into system security, we are all human and humans make mistakes.
That is why it is impossible for us to always eliminate all potential weaknesses. Loopholes may still exist and systems may have vulnerabilities that we don’t even know about right now. If you find a security issue and report it in accordance with the guidelines of this responsible disclosure policy, you will be included in our Sqills Security Hall Of Fame.
Please do the following
If you happen to find a vulnerability, we want to know about it so we can take the necessary steps to address it in the future. That is why we want to ask you to help us protect our clients and our systems by doing the following:
- Please send your findings to responsibledisclosure[at]sqills[dot]com (general support enquiries will not be answered at this email address).
- Do not take advantage of the problem or vulnerability you have discovered.
- Do not reveal the problem to others until it has been solved.
- Do not use it for spam, distributed denial of service, social engineering, or attacks on physical security.
- Do provide sufficient information for us to reproduce the problem. This allows us to resolve the issue as quickly as possible.
What we promise
- We will respond to your report within 5 business days. We will provide you with an expected resolution date and our evaluation of the report.
- Because the information is important to us, we will never take legal action if you adhere to the aforementioned guidelines.
- Unless it is necessary to comply with a legal obligation, we will not pass on your personal details to third parties without your permission.
- It is possible for you to report anonymously or under a pseudonym. Keep in mind that we will be unable to contact you if you decide to do so.
- We will keep you updated about the progress we make towards resolving the problem.
- Until the problem has been resolved, we will never go public with it. If we do make the issue public, you will be given credit for identifying the problem (if you so wish). We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication of the problem after it has been resolved.