⤷ Vulnerability Reporting ⤶
At Arex we take the protection of our clients’ data very seriously.
⤷ Vulnerability Reporting ⤶
At Arex we take the protection of our customers’ data very seriously.
Reporting Suspected Vulnerabilities
If you would like to report a vulnerability or have a security concern regarding Arex services or open source projects, please submit the information by contacting Security @ ArexGo . Com.
So that we may more effectively respond to your report, please provide any supporting material (proof-of-concept code, tool output, etc.) that would be useful in helping us understand the nature and severity of the vulnerability.
Arex maintains the privacy of the information you provide to them during this procedure. If it turns out that the vulnerability you disclose affects a third-party product, Arex will only share this information with the manufacturer or author of that third-party product. Otherwise, we won't share it with any other parties. If not, Arex will only disclose this information with others with your permission.
After reviewing the report that was filed, Arex will provide it a tracking number. After that, we will reply to you, confirming that we have received the report and outlining the following steps in the procedure.
Safe Harbor
Organizations and hackers conducting good faith security research are supported by Gold Standard Safe Harbor. "Good Faith Security Research" refers to using a computer only in good faith to test, investigate, and/or fix a security flaw or vulnerability. This activity must be conducted in a way that prevents harm to people or the public, and the information obtained from it must be used primarily to advance the security or safety of the class of devices, machines, or online services that the computer is accessed as well as those who use them.
From our perspective, conducting good faith security research is approved and shielded from our combative legal action. We release our Acceptable Use Policies ("AUP") and/or Terms of Service ("ToS") from any applicable restrictions that go against the guidelines for Good Faith Security Research described above.
This means that, for activity conducted while this program is active, we:
- Will not bring legal action against you or report you for Good Faith Security Research, including for bypassing technological measures we use to protect the applications in scope
- Will take steps to make known that you conducted Good Faith Security Research if someone else brings legal action against you.
Before engaging in any activity that you believe could be in conflict with good faith security research or not covered by our policy, you should get in touch with us to get further information.
Remember that third parties are not covered by this safe harbor statement, and we are not able to approve security research on their infrastructure.
Scope
The Arex Vulnerability Reporting Program does not cover the following activities. Participating in any of the following activities will result in permanent exclusion from the program.
- Targeting assets of Arex clients or non-Arex sites hosted on our infrastructure.
- Any vulnerability obtained through the compromise of Arex client or employee accounts.
- Any Denial of Service (DoS) attack against Arex products or Arex clients.
- Physical attacks against Arex employees, offices, and data centers.
- Social engineering of Arex employees, contractors, vendors, or service providers.
- Knowingly posting, transmitting, uploading, linking to, or sending malware.
- Pursuing vulnerabilities which send unsolicited bulk messages (spam).
The Arex Security Team Commitment
We kindly request that you refrain from disclosing or sharing an open vulnerability with outside parties. When you kindly disclose a vulnerability, the Arex security team and related development teams will make a good faith attempt to:
- Respond in a timely manner, acknowledging receipt of your vulnerability report.
- Provide an estimated time frame for addressing the vulnerability report.
- Notify you when the vulnerability has been fixed.
We would like to express our gratitude to each and every researcher that reports a vulnerability, enabling us to strengthen Arex's overall security posture.
Reporting Suspected Vulnerabilities
If you would like to report a vulnerability or have a security concern regarding Arex cloud services or open source projects, please submit the information by contacting info @ arexgo . com.
So that we may more effectively respond to your report, please provide any supporting material (proof-of-concept code, tool output, etc.) that would be useful in helping us understand the nature and severity of the vulnerability.
Arex maintains the privacy of the information you provide to them during this procedure. If it turns out that the vulnerability you disclose affects a third-party product, Arex will only share this information with the manufacturer or author of that third-party product. Otherwise, we won't share it with any other parties. If not, Arex will only disclose this information with others with your permission.
After reviewing the report that was filed, Arex will provide it a tracking number. After that, we will reply to you, confirming that we have received the report and outlining the following steps in the procedure.
Safe Harbor
Organizations and hackers conducting good faith security research are supported by Gold Standard Safe Harbor. "Good Faith Security Research" refers to using a computer only in good faith to test, investigate, and/or fix a security flaw or vulnerability. This activity must be conducted in a way that prevents harm to people or the public, and the information obtained from it must be used primarily to advance the security or safety of the class of devices, machines, or online services that the computer is accessed as well as those who use them.
From our perspective, conducting good faith security research is approved and shielded from our combative legal action. We release our Acceptable Use Policies ("AUP") and/or Terms of Service ("TOS") from any applicable restrictions that go against the guidelines for Good Faith Security Research described above.
This means that, for activity conducted while this program is active, we:
- Will not bring legal action against you or report you for Good Faith Security Research, including for bypassing technological measures we use to protect the applications in scope
- Will take steps to make known that you conducted Good Faith Security Research if someone else brings legal action against you.
Before engaging in any activity that you believe could be in conflict with good faith security research or not covered by our policy, you should get in touch with us to get further information.
Remember that third parties are not covered by this safe harbor statement, and we are not able to approve security research on their infrastructure.
Scope
The Arex Vulnerability Reporting Program does not cover the following activities. Participating in any of the following activities will result in permanent exclusion from the program.
- Targeting assets of Arex customers or non-Arex sites hosted on our infrastructure.
- Any vulnerability obtained through the compromise of Arex customer or employee accounts.
- Any Denial of Service (DoS) attack against Arex products or Arex customers.
- Physical attacks against Arex employees, offices, and data centers.
- Social engineering of Arex employees, contractors, vendors, or service providers.
- Knowingly posting, transmitting, uploading, linking to, or sending malware.
- Pursuing vulnerabilities which send unsolicited bulk messages (spam).
The Arex Security Team Commitment
We kindly request that you refrain from disclosing or sharing an open vulnerability with outside parties. When you kindly disclose a vulnerability, the Arex security team and related development teams will make a good faith attempt to:
- Respond in a timely manner, acknowledging receipt of your vulnerability report.
- Provide an estimated time frame for addressing the vulnerability report.
- Notify you when the vulnerability has been fixed.
We would like to express our gratitude to each and every researcher that reports a vulnerability, enabling us to strengthen Arex's overall security posture.