Vulnerability Disclosure Policy

Purpose#

This policy outlines the rules and guidelines for our clients when conducting security assessments of their solutions and our public APIs. Our goal is to ensure the security and integrity of our systems while allowing our clients the flexibility to verify their own security.

Scope#

This policy applies to:

• Client Solutions: Solutions developed by clients that interact with our systems.
• Public API: The publicly accessible API endpoints provided by our services.

Permitted Activities#

Clients are allowed to perform the following activities:

1. Security Scanning: Clients may conduct security scans on their own solutions and our public API to identify potential vulnerabilities. This includes, but is not limited to:

• Static and dynamic analysis of their code.
• Vulnerability scanning of their deployment environments.
• Scanning of our public API for known vulnerabilities.

Prohibited Activities#

To protect the stability and performance of our systems, the following activities are prohibited:

1. Stress Testing: Clients are not allowed to conduct stress testing on our public API or any other part of our infrastructure. Stress testing refers to the process of subjecting the system to extreme workloads to evaluate its robustness.
2. Load Testing: Load testing on our public API or any other part of our infrastructure is prohibited. Load testing involves simulating multiple users accessing the system simultaneously to assess performance under expected load conditions.
3. Denial of Service (DoS) Attacks: Any form of DoS attack or similar activities that aim to disrupt the availability of our services is strictly prohibited.

Reporting Vulnerabilities#

If a client identifies a vulnerability in their solution or our public API, we encourage responsible disclosure. Please follow these steps:

1. Report Immediately: Notify us as soon as a vulnerability is discovered by emailing privacy@agillic.com.
2. Provide Details: Include a detailed description of the vulnerability, steps to reproduce it, and any potential impact it may have.
3. Confidentiality: Maintain confidentiality of any discovered vulnerabilities until they are resolved.
4. No Public Disclosure: Do not disclose any details of the vulnerability to the public or any third parties until it has been resolved and verified by our team.

Our Commitment#

• We will acknowledge receipt of your report within 3 business days.
• We will work diligently to assess and address the reported vulnerability.
• We will keep you informed about the status of the vulnerability resolution.

Legal Considerations#

By conducting security assessments within the bounds of this policy, you agree not to engage in any activity that would violate applicable laws or regulations.

Contact#

For any questions regarding this policy, please contact our security team at privacy@agillic.com.