Security Code cooperates with information security researchers. This policy establishes how we work in cases in which such researchers or groups of researchers discover a vulnerability in any of the products that Security Code has developed.
- Please describe the vulnerability by filling out the form outlined below, and send us a description at disclosurepolicy@securitycode.ru.
- Security Code employees will review your message and contact you at the address you have indicated within no more than 3 working days.
- Within no more than 3 months of proof of the vulnerability, Security Code employees will eliminate the vulnerability in its products. During the course of this time, the researcher having identified the vulnerability is obliged not to disclose details of the vulnerability to third parties, including other enterprises in the industry.
- At or before the 3-month deadline, Security Code will publicly disclose to users information about the vulnerability via the Security Code site, and release a new and corrected version of the product, free of the vulnerability.
- As a reward for identification of the vulnerability, Security Code will pay you between 5 thousand and 100 thousand rubles.
