Responsible Disclosure Policy
Here at Sentor, we believe that perfection doesn't exist. We try hard to prevent and detect vulnerabilities, but realize they may always exist, even in our own systems. We also believe in the security community and if you are aware of a vulnerability affecting us, we encourage you to disclose it to us responsibly.
Rules of engagement
* Do not download or alter sensitive data, should you find a way of doing so.
* Do not attempt to overload systems with traffic or create Denial of Service conditions.
* Allow us time to remediate any vulnerabilities before publicly disclosing them.
Out of scope
* Physical testing of Sentor offices
* Social engineering / phishing campaigns
* Services hosted by 3:rd party providers
If you adhere to these rules we are committed to
* Work with you to mitigate the vulnerability
* Not seek any legal action against you
* Acknowledge your efforts
We offer several contact routes and provide feedback as soon as possible. If you have sensitive information, we ask you to use the encrypted method.