.svg)
Copyright © 2024 Ensis Inc. All Rights Reserved.
.svg)
.svg)
Responsible Vulnerability Disclosure Policy
Introduction
At Ensis AI, we take the security of our systems and services seriously. We recognize the importance of security researchers and the valuable role they play in helping us maintain a safe and secure environment for our customers. This policy outlines our approach to responsible vulnerability disclosure and the procedures to follow when reporting security vulnerabilities to us.
Scope
This policy applies to all individuals and organizations, including security researchers, customers, and third parties, who discover and wish to report security vulnerabilities in Ensis AI's products, services, or systems.
Responsible Disclosure Guidelines
Reporting Vulnerabilities
If you discover a potential security vulnerability, we encourage you to report it to us promptly and responsibly by emailing us at info@ensis.ai. Please include the following information in your report:
- Description of the vulnerability and its potential impact.
- Steps to reproduce the vulnerability.
- Your contact information for further communication.
What We Promise
Upon receiving a vulnerability report, we commit to:
- Acknowledging receipt of your report promptly (within 3 business days).
- Investigating the issue and assessing its validity.
- Communicating with you to understand the details and verify the vulnerability.
- Keeping you informed of our progress and any remediation steps taken.
- Treating your report confidentially and with respect for your privacy, in accordance with our Privacy Policy.
What We Expect from You
As a security researcher or reporter, we expect you to:
- Make every effort to avoid privacy violations, disruption to our services, and destruction of data during your research.
- Adhere to the principles of responsible disclosure and avoid disclosing or exploiting the vulnerability to others until we have had sufficient time to address it.
- Provide us with reasonable time to investigate and mitigate the reported vulnerability before publicly disclosing it.
Exclusions
The following activities are not authorized under this policy:
- Denial of service (DoS) attacks.
- Physical attacks against our offices, data centers, or personnel.
- Social engineering attacks against our employees, customers, or vendors.
- Any activity that violates any law or causes harm to Ensis AI, our customers, or third parties.
Legal Protections
We will not take legal action against you for reporting a security vulnerability to us, provided you comply with this policy. We recognize and respect the rights of security researchers who work to improve security for everyone.
Contact Information
For reporting security vulnerabilities or questions related to this policy, please contact us at info@ensis.ai.
Policy Updates
We may update this policy from time to time. Any changes will be posted on our website, and your continued participation in our responsible disclosure program constitutes acceptance of those changes.
1. Acceptance of Terms
By accessing or using this RFP website, you agree to comply with and be bound by these terms and conditions. If you do not agree with these terms, please refrain from using the website.
2. User Eligibility
Users must be of legal age and capable of forming a binding contract in their respective jurisdictions.
3. Account Registration
To participate in the RFP process, users may be required to create an account, providing accurate and complete information. Users are responsible for maintaining the confidentiality of their account details.
4. RFP Submission
Users must be of legal age and capable of forming a binding contract in their respective jurisdictions.
5. Review Process
The website may conduct a review of RFP submissions to ensure they meet the specified criteria. The website reserves the right to reject or accept any submission at its sole discretion.
6. Intellectual Property
Users retain ownership of their RFP submissions. However, by submitting an RFP, users grant the website a non-exclusive, worldwide, royalty-free license to use, reproduce, and display the content for the purposes of the RFP process.