Vulnerability Disclosure Policy

Introduction

Right-Hand Cybersecurity is committed to the security of our customer’s data. We take all security threats seriously, and we encourage our customers/security researchers to report any vulnerabilities they find in our products or services.

What is included

This policy covers all vulnerabilities found in Right-Hand’s products and services, including:

  • Security misconfigurations
  • Software bugs
  • Design flaws
  • Implementation errors
  • How to report vulnerabilities


To report a vulnerability, please contact us an email at security@right-hand.ai. When you report a vulnerability, please provide the following information:

  • A detailed description of the vulnerability
  • Any steps that can be taken to exploit the vulnerability
  • Any other information that you believe may be helpful in resolving the vulnerability

What not to do

Please do not:

  • Exploit the vulnerability yourself
  • Share the vulnerability with others
  • Use the vulnerability to gain unauthorized access to Roght-Hand’s systems or data


What to expect

We will investigate all vulnerability reports as quickly as possible. We will work with you to resolve the vulnerability as soon as possible.

If we determine that a vulnerability poses a risk to our customers, we will take steps to mitigate the risk. These steps may include:

  • Patching the vulnerability
  • Disabling the affected feature
  • Communicating with our customers about the vulnerability


No bounty

We currently do not reward any bounty for vulnerability reports. However, we are happy to give you credit for your report.

Thank you for your help in keeping our customers’ data safe.