Responsible Disclosure Policy
Here at Sentor, we believe that perfection doesn't exist. We try hard to prevent and detect vulnerabilities, but realize they may always exist, even in our own systems. We also believe in the security community and if you are aware of a vulnerability affecting us, we encourage you to disclose it to us responsibly.
Rules of engagement
* Do not download or alter sensitive data, should you find a way of doing so.
* Do not attempt to overload systems with traffic or create Denial of Service conditions.
* Allow us to time remediate any vulnerabilities before publicly disclosing them.
Out of scope
* Physical testing of Sentor offices
* Social engineering / phishing campaigns
* Services hosted by 3:rd party providers
If you adhere to these rules we are committed to
* Work with you to mitigate the vulnerability
* Not seek any legal action against you
* Acknowledge your efforts
Vulnerabilities can be reported to email@example.com, optionally encrypted using PGP key found here!
We offer several contact routes and provide feedback as soon as possible. If you have sensitive information, we ask you to use the encrypted method.
+46 8 545 333 00
We answer 24/7
For general inquiries
Use our PGP-key