MEDIARAILS VULNERABILITY REPORTING POLICY
LAST UPDATED: 3/21/2021
TABLE OF CONTENTS:
1. About Us and This Policy
2. Scope of Systems and Services
3. Report Submission Requirements
4. Prohibited Activities
5. Our Security Team Commitment
1. ABOUT US AND THIS POLICY
Welcome, and thank you for visiting our website or using our services! Maintaining the security of our applications and network is a high priority for Mediarails. Our Security Team encourages responsible reporting of any vulnerabilities that may be found on our site or application and we are committed to working with you to verify and address any potential vulnerabilities that may be reported to us.
This Policy describes the process for how to report a vulnerability, what requirements must be included when submitting a report, and any prohibited actions or testing when using the Mediarails site or Mediarails CRM and Engagement applications.
We update this Policy periodically, and we will indicate the date the last changes were made above. If we determine, at our discretion, changes are significant, we will provide a more detailed notice and may also notify you of such changes via email.
When this Policy mentions “Mediarails”, “we,” “us,” or “our” it refers to Mediarails Inc.
We hope this Policy answers all your questions about our commitment to security and the protection of your information, but to the extent, you have further questions regarding this Policy, we invite you to reach out to us at http://mediarails.com/report-a-bug. If you want to submit a bug – click here
2. SCOPE OF SYSTEMS AND SERVICES
This policy applies to the following systems and services:
• Mediarails CRM App
3. REPORT SUBMISSION REQUIREMENTS
If you believe you have discovered a security bug or vulnerability within our services, please report it to our Security team at. We will investigate your report and respond to you as soon as possible. Please do not disclose your findings until we have had the opportunity to review and address them with you. In order to help triage and prioritize submissions we request that your reports include the following:
• Describe the location, date, and time that the vulnerability was discovered and the potential impact of exploitation.
• Provide a detailed description of the steps to reproduce the vulnerability (proof of concept or system screenshots are helpful).
• Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
• Include any supporting documentation.
• If other customer data has been accidentally accessed please submit a report to describe who, what, when, where, and how.
4. PROHIBITED ACTIVITIES
While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, the following conduct is expressly prohibited and is considered out of scope for this submission (including but not limited to):
• Performing actions that may negatively impact the performance of our application for our customers (e.g., Spam, Brute Force, Denial of Service or aggressive scanning techniques).
• Destroying, corrupting, or attempting to destroy data or information that does not belong to you.
• Social engineering (e.g., Phishing, Vishing, Smishing).
• Conducting vulnerability testing of participating services using anything other than test accounts (e.g., Developer or Trial Edition instances).
5. OUR SECURITY TEAM COMMITMENT
We ask that you do not share or publicize an unresolved vulnerability with any third party. If you responsibly submit a vulnerability report, our security team will use reasonable effort to:
• Respond in a timely manner, acknowledging receipt of your vulnerability report.
• Provide an estimated time frame for addressing the vulnerability report.
• Notify you when the vulnerability has been remediated.
We want to thank every user or individual researcher who submits a vulnerability report for helping us to improve our overall security posture at Mediarails. Questions regarding this policy can be submitted to http://mediarails.com/report-a-bug/
If you want to submit a bug – click here