Responsible Disclosure Policy

If you discover a vulnerability, we would like to be informed so that we can take the necessary measures to address it as quickly as possible. We ask for your help in better protecting our customers and systems.

Please follow these guidelines:

1. Send your findings via email to soc@nethica.it. Encrypt your findings using our PGP key to prevent this critical information from falling into the wrong hands.
2. Do not exploit the vulnerability or issue you have discovered, for example, by downloading more data than necessary to demonstrate the vulnerability or by deleting or modifying other people’s data.
3. Do not disclose the issue to others until it has been resolved.
4. Do not use physical security attacks, social engineering, distributed denial-of-service (DDoS) attacks, spam, or third-party applications.
5. Provide sufficient information to reproduce the issue so that we can resolve it as quickly as possible. Typically, the IP address or URL of the affected system and a description of the vulnerability will suffice, but more complex vulnerabilities may require additional explanations.

Our Commitments:

1. We will respond to your report within 3 business days with our assessment of the report and an estimated resolution date.
2. If you have followed the instructions above, we will not take legal action against you regarding the report.
3. We will treat your report with strict confidentiality and will not share your personal details with third parties without your permission.
4. We will keep you informed about the progress of resolving the issue.
5. In any public information regarding the reported issue, we will credit you as the discoverer of the issue (unless you prefer otherwise).

We are committed to resolving all issues as quickly as possible and aim to play an active role in the final publication of the issue once it has been resolved.

V2.0 –  June 5, 2024