At Hypatos, we take the security of our products seriously. New ways of attacking our products are constantly being developed. Because of this, we have created a vulnerability disclosure program for anyone who has found a vulnerability to share it with us.
Hypatos has to strike a balance between protecting critical assets and giving researchers permission to test our systems. For this reason, we allow only the following types of vulnerabilities to be tested on (give address names).
We do not permit tests for DDoS or tests on third party products.
To inform us of a potential vulnerability, please use this email address: firstname.lastname@example.org. We will respond within 5 business days. In your initial disclosure, please give a description of the issue, in text format (not pdf or exe files) and contact details so that we can reach out to you. If we decide to investigate the vulnerability, we will require you to send proof of concept code (dump files will not be accepted). This phase can last a maximum of 180 days, during which you are obliged not to divulge the vulnerability publicly. After this time, we will discuss with you, if the vulnerability can be made public.