Policy

Vulnerability Disclosure Policy

Redstor is committed to designing secure and safe products that do not permit the exposure of information. Redstor values the work done by security experts and supports a coordinated approach to responsibly improving the security of our products and services. We are dedicated to working with the security research community to investigate, reproduce and where practical, address any legitimate reported vulnerabilities. We actively encourage the community to participate in our responsible reporting process.

If you are a security expert and would like to report a security vulnerability, please send an email to: [email protected] Provide your name, contact information, and company name (if applicable) with each report.

Responsible Disclosure Guidelines

We will investigate legitimate reports and make every effort to quickly address any vulnerability discovered. To encourage responsible reporting, we will work alongside you to address legitimate reports if you comply with the following Responsible Disclosure Guidelines (RDG):

  • Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability
  • Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of Redstor’s services
  • Do not modify or access data that does not belong to you
  • Give us a realistic timeframe to correct the issue before making any information public

We will attempt to respond to your report within 1-3 business days.