Unpermitted Uses of Website and Unpermitted Types of Security Research
- Intentionally harming the experience or usefulness of the service to others
- Causing, or attempting to cause, a Denial of Service (DoS) condition
- Accessing, or attempting to access, data or information that does not belong to you
- Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
If you are researching security issues, especially those which may compromise the privacy of others, please do so cautiously in order to respect our users’ privacy. When possible, you should conduct all vulnerability testing against non-production instances of our products to minimize the risk to data and services.
How to Report a Security Vulnerability
All security vulnerabilities are reviewed and tracked through our bug submission program. This program is currently not public, but you may request access by emailing our security team at firstname.lastname@example.org.
Provide details of the potential vulnerability so the Family Capital Funding Security Team may validate and reproduce the issue quickly. Without the below information, it may be difficult if not impossible to address the potential vulnerability. Reports listing numerous potential vulnerabilities without detail will not be addressed without further clarification.
Details should include:
- Type of vulnerability
- A concrete attack scenario. How will the problem impact Family Capital Funding or Family Capital Funding’s users and partners? What is the worst thing that could happen if an attacker takes advantage of this security flaw?
- Whether the information has been published or shared with other parties;
- Affected products and versions
- Affected configurations
- Step-by-step instructions or proof-of-concept code to reproduce the issue.
Our Security Commitment
For all security vulnerability reporters who follow this policy, Family Capital Funding will attempt to do the following:
- Acknowledge the receipt of your report
- Investigate in a timely manner, confirming the potential vulnerability where possible
- Provide a plan and timeframe for addressing the vulnerability if appropriate
- Notify the vulnerability reporter when the vulnerability has been resolved