Vulnerability Disclosure Policy

Forfend is committed to addressing and reporting security issues with a coordinated and constructive approach, prioritizing the protection of customers, partners, staff, and all internet users. This policy applies to any security vulnerabilities discovered by Forfend staff or others using their services. The senior management team reviews this policy annually, while day-to-day staff must adhere to it and receive regular training.

Reporting a Vulnerability: To report a vulnerability or security incident, individuals can:

Upon receiving a vulnerability report, the company follows these steps:

  1. Acknowledge receipt of the report promptly.
  2. Request confidentiality from the reporter.
  3. Investigate the vulnerability with the reporter’s assistance.
  4. Provide a timeframe for addressing the issue.
  5. Notify the reporter when the vulnerability has been resolved.

Engagement with Security Researchers: Forfend values the efforts of security researchers who share information on security issues, as it helps enhance their services and protect customers. For responsible disclosure, the company requests researchers:

  • Allow a reasonable time period for the company to fix vulnerabilities before public disclosure.
  • Provide sufficient detail about the vulnerability for successful investigation.
  • Use the Common Vulnerability Scoring System (CVSS) when reporting a vulnerability.
  • Avoid modifying or deleting data or impacting customers.
  • Refrain from attempting to find weaknesses in the physical security of Forfend’s offices or other locations.