Responsible disclosure policy

Here at Sentor, we believe that perfection doesn't exist. We try hard to prevent and detect vulnerabilities, but realize they may always exist, even in our own systems. We also believe in the security community and if you are aware of a vulnerability affecting us, we encourage you to disclose it to us responsibly.

Rules of engagement
* Do not download or alter sensitive data, should you find a way of doing so.
* Do not attempt to overload systems with traffic or create Denial of Service conditions.
* Allow us to time remediate any vulnerabilities before publicly disclosing them.

Out of scope
* Physical testing of Sentor offices
* Social engineering / phishing campaigns
* Services hosted by 3:rd party providers

If you adhere to these rules we are committed to
* Work with you to mitigate the vulnerability
* Not seek any legal action against you
* Acknowledge your efforts

Contact
Vulnerabilities can be reported to disclosure@sentorsecurity.com, optionally encrypted using PGP key found here!