Frinksyn LLP Responsible Disclosure Policy
IntroductionFrinksyn LLP is dedicated to safeguarding the security and privacy of our clients and the integrity of our data. We greatly value the contributions of the security research community in helping us maintain the highest standards of security. We encourage researchers to report potential vulnerabilities in our systems and any confidential data pertaining to our services that may be accessible to unauthorized individuals. Your responsible disclosure is crucial in maintaining the safety and security of all our clients. This policy outlines our commitment to responsible disclosure and our approach to collaborating with the security community.
Frinksyn LLP's Responsible Disclosure Policy applies to the following:
- Frinksyn LLP Services and/or Products
We may expand the scope as our capacity and experience with this process grow. Researchers who submit valid vulnerability reports will receive full credit on our website once the submission has been accepted and validated by our security team.
Out of Scope
The following are considered out of scope for this policy:
- Frinksyn LLP's static website
- Any services hosted by third•party providers and services not provided by Frinksyn LLP.
Frinksyn LLP commits not to pursue legal action against individuals who submit vulnerability reports through our Vulnerability Reporting inbox. We openly welcome reports for the currently listed Frinksyn LLP services. We agree not to take legal action against individuals who:
- Conduct testing or research without causing harm to Frinksyn LLP or its clients.
- Perform vulnerability testing within the scope of our vulnerability disclosure program.
- Test Services without affecting clients or obtain permission/consent from clients before conducting vulnerability testing on their devices or software.
- Comply with the laws of their location and the location of Frinksyn LLP. For example, engaging in activities like reverse engineering or circumventing protective measures to enhance our system's security, which may only result in a claim by Frinksyn LLP (and not a criminal claim), may be considered acceptable.
- Refrain from disclosing vulnerability details to the public before a mutually agreed-upon timeframe expires.
How to Submit a Vulnerability
To submit a vulnerability report to Frinksyn LLP’s Security Team, please use the following email address: [firstname.lastname@example.org]
Preference, Prioritization, and Acceptance Criteria
We will prioritize and triage submissions based on the following criteria:
What we would like to see from you:
- Well written reports in English are more likely to receive prompt attention.
- Reports that include proof•of•concept code helps us better assess the issue.
- Reports that solely consist of crash dumps or automated tool output may receive lower priority.
- Reports related to services not initially included in the scope may also receive lower priority.
- Please include details about how you discovered the bug, its potential impact, and any suggested remediation.
- Please inform us of any plans or intentions for public disclosure.
What you can expect from Frinksyn LLP:
- A timely response to your email (within 3 business days).
- After triage, we will provide an expected timeline for remediation and commit to transparency regarding any issues or challenges that may affect this timeline.
- We are open to discussing any concerns or questions you may have.
- You will receive notifications as the vulnerability analysis progresses through each stage of our review.
- Proper credit will be given once the vulnerability has been validated and resolved.
If communication issues or other problems hinder the resolution process, Frinksyn LLP may involve a neutral third party to help determine the best course of action for addressing the vulnerability.
We greatly appreciate your assistance in improving the security of Frinksyn LLP's products and services. Your responsible disclosure is invaluable in ensuring the safety and security of our clients and their data. Thank you for partnering with us to achieve these goals.