Vulnerability Disclosure Policy
Introduction
Right-Hand Cybersecurity is committed to the security of our customer’s data. We take all security threats seriously, and we encourage our customers/security researchers to report any vulnerabilities they find in our products or services.
What is included
This policy covers all vulnerabilities found in Right-Hand’s products and services, including:
- Security misconfigurations
- Software bugs
- Design flaws
- Implementation errors
- How to report vulnerabilities
To report a vulnerability, please contact us an email at security@right-hand.ai. When you report a vulnerability, please provide the following information:
- A detailed description of the vulnerability
- Any steps that can be taken to exploit the vulnerability
- Any other information that you believe may be helpful in resolving the vulnerability
What not to do
Please do not:
- Exploit the vulnerability yourself
- Share the vulnerability with others
- Use the vulnerability to gain unauthorized access to Roght-Hand’s systems or data
What to expect
We will investigate all vulnerability reports as quickly as possible. We will work with you to resolve the vulnerability as soon as possible.
If we determine that a vulnerability poses a risk to our customers, we will take steps to mitigate the risk. These steps may include:
- Patching the vulnerability
- Disabling the affected feature
- Communicating with our customers about the vulnerability
No bounty
We currently do not reward any bounty for vulnerability reports. However, we are happy to give you credit for your report.
Thank you for your help in keeping our customers’ data safe.