Loading...

Responsible Disclosure


Seal Software Responsible Disclosure Program

Committed to working together

We want to hear from you if you have information related to potential security vulnerabilities of Seal Software products and services. We value your work and thank you in advance for your responsible disclosure.

Reporting a vulnerability

Please email your vulnerability to Vulnerability@seal-software.com . The report should include a detailed description of your discovery with clear reproducible steps. The more detail you supply, the quicker we are able to respond.

Submission

By submitting your report to Seal Software, you agree not to disclose the vulnerability to a third party. You perpetually allow Seal Software and its subsidiaries the unconditional ability to use, modify, create derivative work from, distribute, disclose and store the information provided in your report or to have others do the same on behalf of Seal Software, and these rights cannot be revoked. You represent that the report is original to you and that you own all right, title and interest in the submission.

Guidelines

Seal Software agrees not to pursue claims against researchers who disclose potential vulnerabilities to this program where the researcher:

  • Does not cause harm to Seal Software, our customers, or others;
  • Does not store, share, compromise or destroy Seal Software or customer data;
  • Provides a detailed summary of the vulnerability
  • Does not violate any national, state, or local law or regulation;
  • Does not publicly disclose vulnerability details without Seal Software’s written permission;
  • Is not currently located in or otherwise ordinarily resident in Cuba, Iran, North Korea, Sudan, Syria or Crimea;
  • Is not an employee or an immediate family member of an employee of Seal Software
  • Is at least 18 years old.

Out of Scope Vulnerabilities

Certain vulnerabilities are considered out of scope for our Responsible Disclosure Program. Out of scope vulnerabilities include:

  • Denial of service (DOS)
  • Vulnerabilities dependent upon social engineering techniques
  • Certificates/TLS/SSL related issues
  • Most vulnerabilities within our sandbox, lab, or pre-production environments.

We will process each report and may contact you, if more information is needed from you.
We request that you keep all communication regarding the vulnerability confidential.