At digiALERT, based out of Tamil Nadu, Chennai in India, we take the security of our clients' systems and data very seriously. We believe that responsible disclosure of vulnerabilities is a key aspect of maintaining the security of our clients' systems and the Internet as a whole. This Responsible Disclosure Policy outlines the process for reporting vulnerabilities to digiALERT, and our commitment to working with security researchers to address any vulnerabilities that may be found.

1. Reporting Vulnerabilities:

• If you believe you have discovered a vulnerability in a system or service provided by digiALERT, please contact us immediately at enquiry@digialert.com.
• Please provide as much detail as possible about the vulnerability, including steps to reproduce the issue and any relevant log files or screenshots.
• We ask that you do not publicly disclose the vulnerability until it has been acknowledged and addressed by digiALERT, unless otherwise agreed upon with digiALERT.

2. Acknowledgment and Response:

• We will acknowledge receipt of your vulnerability report within 24 hours and will provide regular updates on the status of the vulnerability investigation.
• Our goal is to provide a resolution for any reported vulnerability within 30 days of receipt.
• In case of a critical vulnerability, we will prioritize it and work towards resolving it as soon as possible.

3. Responsible Disclosure:

• We ask that you make every effort to avoid compromising the privacy or data of our clients or their customers.
• We also ask that you do not perform any activity that would be illegal or that would disrupt the normal operation of our systems or services.
• In case of any ambiguity or uncertainty of the impact of the vulnerability, we will work with you to understand the potential impact before taking any action.

4. Recognition:

• We recognize and appreciate the efforts of security researchers who report vulnerabilities to us in a responsible manner.
• We may publicly acknowledge the researcher(s) who reported the vulnerability, unless requested otherwise by the researcher. We will also consider offering rewards or recognition in the form of swags, monetary compensation, or CERT-In recognition for eligible vulnerabilities.

5. Non-Discrimination

• If you are an employee or contractor of digiALERT and have discovered a vulnerability in the course of your work, please report it to your supervisor or the appropriate department immediately.
• Failure to report a vulnerability in a timely manner may result in disciplinary action.

6. Legal Compliance:

• We will fully cooperate with any law enforcement agencies investigating any illegal activities related to the discovery or distribution of a vulnerability.
• We will also comply with any court order related to any vulnerability discovered and reported to us.

7. Exclusions

• This Responsible Disclosure Policy does not apply to vulnerabilities found in third-party software or services that are integrated with digiALERT systems or services.
• We will not be held responsible for vulnerabilities found in third-party software or services.

8. Continuous Improvement

• We strive to continuously improve our security posture and as such this policy is subject to change. We will update this policy regularly to reflect the latest best practices and regulations.

We thank you for your interest in the security of our systems and services and for helping us to keep our clients' systems and data secure. We are committed to working with security researchers to address any vulnerabilities that may be found in a timely and responsible manner. Your feedback and suggestions on improving this policy are always welcome and can be sent to enquiry@digialert.com.