VULNERABILITY DISCLOSURE POLICY
If you believe you have discovered a vulnerability on our website, or if you have any security concerns to report, please complete the contact form available on our website with the details and include "Security Alert" in the subject line. Alternatively, you can email us at disclosure@bluehat-cyber.co.uk. Please provide as much detail as possible to help us resolve the issue in a timely fashion.
​
Once we have received a vulnerability report, the company takes a series of steps to address the issue:
​
-
We will provide prompt acknowledgement of receipt of your report.
-
We request the reporter keep any communication regarding vulnerabilities confidential.
-
We will work with you to understand and investigate the vulnerability.
-
We will provide a timeframe for addressing the vulnerability.
-
We will notify you once the vulnerability has been resolved, to allow retesting by the reporter if desired.
​
The company will endeavour to keep the reporter apprised of every step in this process as it occurs.
​
We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our services, and better protect our customers. In line with responsible disclosure best practice, we ask that security researchers:
-
Allow the company an opportunity to correct a vulnerability within a reasonable time period before publicly disclosing the identified issue.
-
Provide sufficient detail about the vulnerability to allow us to investigate successfully including steps required to reproduce the issue.
-
We appreciate the use of the Common Vulnerability Scoring System (CVSS v3) when reporting a vulnerability.
-
Do not modify or delete data, or take actions that would impact on BlueHat Cyber Ltd customers
-
Do not carry out social engineering exercises or to attempt to find weaknesses in the physical security of the company offices or other locations.
-
Do not carry out denial of service attacks.