Responsible Disclosure
Boatzon’s code of ethics, foundation of trust, and its constant efforts to ensure that we are always acting prudently as a company is built upon the confidence that our customers place in us. As a result of these core values, the security of our online platforms - and the data housed within these platforms - is of paramount importance. If you are a security researcher and believe that you have discovered a security vulnerability involving Boatzon services or sites, we encourage you to securely disclose it to us in a responsible manner, as directed by this Responsible Disclosure Policy (the “Policy”). Boatzon will engage with security researchers when vulnerabilities are reported to us in accordance with this Policy. We will also validate and fix confirmed vulnerabilities affecting our services or sites in accordance with our commitment to security and privacy. We will not take legal action against, or suspend or terminate the accounts of, researchers who discover and report security vulnerabilities in accordance with this Policy. Boatzon reserves all legal rights in the event of any non-compliance with this Policy.
Reporting
We encourage security researchers to share the details of any suspected vulnerabilities with the Boatzon Information Security Team by emailing Security@Boatzon.com. Boatzon will review each submission to determine if the finding: (a) is valid and (b) has not previously been reported. Boatzon and this Policy require security researchers to include detailed information with steps for Boatzon’s Information Security Team to reproduce the vulnerability in the submission in order for a security researcher to be considered for monetary compensation.
Boatzon’s Commitment
If you identify a novel and valid suspected security vulnerability in compliance with this Policy, Boatzon commits to:
Noncompliance With this Policy
Public disclosure - by a security researcher or otherwise - of the details of any identified suspected vulnerability without express written consent from Boatzon’s InfoSec Team will deem any Form submission under this Policy as noncompliant with this Policy.
The Form is not intended to be used by, and this Policy is not directed to:
In addition, to remain compliant with this Policy, security researcher(s) are prohibited from: