VEBONIX Vulnerability Disclosure Policy
VEBONIX (AppCroNix Infotech Private Limited) encourages researchers to work with us on potential issues in our services or on our website. In order to encourage researchers to work with us, we agree that if, in our sole discretion, we conclude that a disclosure meets all of the guidelines of the VEBONIX Coordinated Disclosure policy, VEBONIX will not bring any private or criminal legal action against the disclosing party.
Any domain not contained within VEBONIX is out of scope for the purposes of the Vulnerability Disclosure, as is all hosted customer content and third-party programs and plug-ins.
The following actions do not qualify for Coordinated Disclosure and should not be tested by researchers participating in the Program:
VEBONIX will not accept reports from automated vulnerability scanners.
VEBONIX will accept a report of any vulnerability that substantially affects the confidentiality or integrity of any eligible VEBONIX service. Eligible vulnerabilities include, but are not limited to:
Suggestions for Good Reports
Any information that you collect about VEBONIX, VEBONIX employees, or VEBONIX customers (“Confidential Information”) through the Vulnerability Disclosure program must be kept confidential and may only be used in connection with the Program. You may disclose vulnerabilities only after proper remediation has occurred and you may not disclose Confidential Information without VEBONIX’s prior written consent. Any disclosure of Confidential Information outside of this requirement will result in immediate removal from the Program.
Your testing must not violate any law, disrupt services, or compromise any data that is not your own.