Responsible Disclosure Policy

Guidelines

Responsible Disclosure helps increase security for ourselves and the community as a whole. Please follow the guidelines below:

• Do not disclose a bug or vulnerability on public notice boards, mailing lists or other public forums, prior to Responsible Disclosure and an appropriate opportunity for it to be fixed.
• Do not utilize an exploit to view data without authorization or compromise the confidentiality or availability.
• Do not perform an attack that would impact the reliability / availability of services. DDoS/Spam attacks are not allowed.
• Do not use scanners or automated tools to find vulnerabilities. They can have unintended consequences or impact.
• Make a good faith effort to avoid privacy violations as well as destruction, interruption or segregation of our services.
• Do not modify or destroy data that does not belong to you.
• Never attempt non-technical attacks, such as social engineering, phishing or physical attacked against our employees or infrastructure.
• Allow Rad Web Hosting an opportunity to correct a vulnerability within a reasonable time frame before publicly disclosing the identified issue, in order to ensure that Rad Web Hosting has developed and thoroughly tested a solution.

How to Report an Issue

Please email bugreport [at] radwebhosting [dot] com to report any security vulnerabilities. We will acknowledge receipt of your vulnerability report the next business day and strive to send you regular updates about our progress. If you're curious about the status of your disclosure please feel free to email us again.

What to Report:

• Suspected vulnerability.
• Steps to enable us to reproduce the issue.
• Your email address and secure mechanism to contact you.
• Your name (and/or colleagues) if you would like to be recognized.

At Rad Web Hosting's discretion, you may be eligible for monetary compensation for your efforts