Responsible Disclosure
Thank you for offering to share information regarding a security vulnerability with us. The security of our applications and the data we are responsible for protecting is important to us and we are grateful for any information you can share with us about how we can further improve it. By submitting a vulnerability report, you agree to the terms below (the “Terms of Use”), which are intended to protect both you and us.
Safe Harbor
If you submit a vulnerability report to us, using the process outlined below, in compliance with all of the terms in these Terms of Use, we will not pursue civil action or initiate a complaint to law enforcement against you for accessing our systems without authorization in order to identify that vulnerability.
Submission Process
Please submit all vulnerability reports to us. In each report submitted, include:
a description of the vulnerability;
the URL, IP address, port, or other information that would assist us in locating the vulnerability;
detailed and clear steps to reproduce the issue (including logs, screenshots, responses, or other evidence) or proof of concept code;
how you found the issue;
presumed impact;
any remediation steps you would suggest; and
your name and contact details.
Scope
You may not access any individual workstation, or system, network, content, application or data of any third party, in connection with this program. The safe harbor described above does not apply to any such system, network, content, application or data.
Methodology
You may not engage in any denial of service attack, attempts to compromise physical security or enter physical premises, or other destructive methodologies. As soon as you have identified the vulnerability, you must cease testing of it and report it as described above. The safe harbor described above does not apply to any activity that violates the terms of this Section.
No Access to Personal Data or Misuse of Data
By participating in this program, you represent that you have not at any time accessed personal data of our customers or users found on our systems, and that, in the event that you inadvertently acquired any, you have securely deleted that data. You represent that you have not, and covenant that you will not, misuse any data extracted from our environment for any fraudulent, malicious, defamatory, abusive, threatening, unlawful or otherwise improper purpose.
Intellectual Property Rights
By submitting information relating to a vulnerability, you grant us a perpetual, worldwide, royalty-free, fully paid-up license to use and disclose any information you submit, including any proofs of concept, patches, improvements, suggestions, code samples or any other information, in connection with the vulnerability to analyze, remediate or improve our systems and networks, incorporate it into our products or services, and to conduct further testing, or for any other legitimate business purpose. We do not grant you any intellectual property rights to any image, information, writing, invention, code or other creation in connection with these Terms of Use.
Sanctions
By submitting information relating to a vulnerability, you represent that you are not subject to any export sanctions or other trade restrictions, whether due to being included on the sanctions list maintained by the U.S. Office of Foreign Assets Control, or other governmental bodies in the United States or European Union, individually, being a member of an organization on that list, or being a resident of a country that is sanctioned by the United States or European Union.
Independent Contractor
Nothing in connection with your submission of a vulnerability shall indicate that you are an employee of Avancer and the relationship between you and Avancer shall not constitute a partnership, joint venture or agency. You shall not have the authority to make any statement, representation or commitment on Avancer’s behalf.
Disclaimer of Liability and Obligation
Avancer, its officers, affiliates, representatives, contractors and employees shall not be liable to you in connection with these Terms of Use for any direct, indirect, exemplary, incidental, special or consequential damages. Unless otherwise agreed by Avancer, any information submitted by you in connection with a vulnerability is provided at no charge and Avancer shall not owe you any fee for that submission or any services performed or expenses incurred.
Miscellaneous
These Terms of Use are governed by the laws of the Commonwealth of Pennsylvania, without regard to conflict of laws principles. You shall not use any logo or other trademark of Avancer without our explicit prior consent.