Effective Date: July 1st, 2023
Baboon Hosting (“Company,” “we,” or “us”) is committed to ensuring the security and privacy of our systems and services. We value the contribution of security researchers and the broader community in identifying and responsibly disclosing potential vulnerabilities. This Responsible Disclosure Policy outlines our approach to receiving and addressing reports of security vulnerabilities.
1. Reporting Security Vulnerabilities:
If you discover a security vulnerability in our systems, we encourage you to report it to us promptly. We appreciate your cooperation in keeping our services and users safe. To report a vulnerability, please follow the guidelines outlined below:
– Provide a detailed description of the vulnerability, including the affected system or service, potential impact, and steps to reproduce.
– Share any supporting materials, such as proof-of-concept code, tools, or additional information that can assist in understanding and verifying the vulnerability.
– Include your contact information (name, email address) so that we can communicate with you regarding the reported vulnerability.
2. Scope of Vulnerabilities:
This Responsible Disclosure Policy covers security vulnerabilities related to our systems, services, applications, and associated infrastructure. Please ensure that your testing activities are limited to the scope of our services and do not violate any applicable laws or regulations.
3. Exclusions:
The following activities are strictly prohibited:
– Any attempt to access, modify, or delete data that does not belong to you.
– Any attempt to disrupt or degrade the availability or performance of our systems or services.
– Any social engineering or phishing attacks against our employees or users.
– Any testing that may impact the privacy or security of our users or their data.
4. Non-Disclosure of Vulnerabilities:
We request that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and address it. We commit to providing timely updates on the progress and resolution of the reported vulnerability.
5. Legal Considerations:
We will not take legal action against individuals who act in good faith and comply with this Responsible Disclosure Policy. However, we cannot provide legal immunity or waive any rights or claims against individuals who do not act in good faith or violate applicable laws.
6. Recognition and Acknowledgment:
We acknowledge the importance of your contribution to the security of our systems and services. If you responsibly disclose a security vulnerability and cooperate with us during the resolution process, we may acknowledge your contribution publicly, subject to your preferences and any legal restrictions.
7. Contact:
To report a security vulnerability or for any inquiries related to this Responsible Disclosure Policy, please contact our security operations center at soc@baboonhosting.com.
We appreciate your efforts in helping us maintain the security of our systems and services. Your responsible disclosure plays a crucial role in our ongoing commitment to ensuring a safe and secure environment for our users and their data.