{"id":1911,"date":"2024-03-24T08:02:58","date_gmt":"2024-03-24T08:02:58","guid":{"rendered":"https:\/\/arexgo.com\/APP\/?page_id=1911"},"modified":"2025-03-17T14:17:22","modified_gmt":"2025-03-17T14:17:22","slug":"vulnerability-reporting","status":"publish","type":"page","link":"https:\/\/arexgo.com\/APP\/vulnerability-reporting\/","title":{"rendered":"Vulnerability Reporting"},"content":{"rendered":"<p>https:\/\/www.okta.com\/vulnerability-reporting-policy\/<\/p>\n<p>https:\/\/aws.amazon.com\/security\/vulnerability-reporting\/<\/p>\n<p>https:\/\/www.rapid7.com\/security\/disclosure\/<\/p>\n<p>https:\/\/hackerone.com\/cloudflare?type=team<\/p>\n<p>https:\/\/hackerone.com\/cloudflare\/safe_harbor<\/p>\n<p>https:\/\/hackerone.com\/baidu?type=team<\/p>\n<p>&nbsp;<\/p>\n<h2 id=\"Reporting_Suspected_Vulnerabilities\" class=\"lb-txt-bold lb-txt-28 lb-h2 lb-title\">Reporting Suspected Vulnerabilities<\/h2>\n<div class=\"lb-txt-16 lb-rtxt\">\n<p>If you would like to report a vulnerability or have a security concern regarding Arex cloud services or open source projects, please submit the information by contacting <a href=\"mailto:info@arexgo.com\">info @ arexgo . com<\/a>.<\/p>\n<\/div>\n<div class=\"lb-txt-16 lb-rtxt\">\n<p>So that we may more effectively respond to your report, please provide any supporting material (proof-of-concept code, tool output, etc.) that would be useful in helping us understand the nature and severity of the vulnerability.<\/p>\n<p>The information you share with Arex as part of this process is kept confidential within Arex. Arex will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product&#8217;s author or manufacturer. Otherwise, Arex will only share this information as permitted by you.<\/p>\n<p>Arex will review the submitted report and assign it a tracking number. 
We will then respond to you, acknowledging receipt of the report, and outline the next steps in the process.<\/p>\n<h2>Safe Harbor<\/h2>\n<\/div>\n<div class=\"vertical-spacing interactive_markdown__p\">Gold Standard Safe Harbor supports the protection of organizations and hackers engaged in Good Faith Security Research. \u201cGood Faith Security Research\u201d is accessing a computer solely for purposes of good-faith testing, investigation, and\/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.<\/div>\n<div class=\"vertical-spacing interactive_markdown__p\">We consider Good Faith Security Research to be authorized activity that is protected from adversarial legal action by us. 
We waive any relevant restriction in our Terms of Service (\u201cTOS\u201d) and\/or Acceptable Use Policies (\u201cAUP\u201d) that conflicts with the standard for Good Faith Security Research outlined here.<\/div>\n<div class=\"vertical-spacing interactive_markdown__p\">This means that, for activity conducted while this program is active, we:<\/div>\n<ul>\n<li><strong>Will not<\/strong>\u00a0bring legal action against you or report you for Good Faith Security Research, including for bypassing technological measures we use to protect the applications in scope; and,<\/li>\n<li><strong>Will<\/strong>\u00a0take steps to make known that you conducted Good Faith Security Research if someone else brings legal action against you.<\/li>\n<\/ul>\n<div class=\"vertical-spacing interactive_markdown__p\">You should contact us for clarification before engaging in conduct that you think may be inconsistent with Good Faith Security Research or unaddressed by our policy.<\/div>\n<div class=\"vertical-spacing interactive_markdown__p\">Keep in mind that we are not able to authorize security research on third-party infrastructure, and a third party is not bound by this safe harbor statement.<\/div>\n<h2 id=\"Scope\" class=\"lb-txt-bold lb-txt-28 lb-h2 lb-title\">Scope<\/h2>\n<div class=\"lb-txt-16 lb-rtxt\">\n<p>The following activities are out of scope for the Arex Vulnerability Reporting Program. 
Conducting any of the activities below will result in permanent disqualification from the program.<\/p>\n<ol>\n<li>Targeting assets of Arex customers or non-Arex sites hosted on our infrastructure<\/li>\n<li>Any vulnerability obtained through the compromise of Arex customer or employee accounts<\/li>\n<li>Any Denial of Service (DoS) attack against Arex products or Arex customers<\/li>\n<li>Physical attacks against Arex employees, offices, and data centers<\/li>\n<li>Social engineering of Arex employees, contractors, vendors, or service providers<\/li>\n<li>Knowingly posting, transmitting, uploading, linking to, or sending malware<\/li>\n<li>Pursuing vulnerabilities that send unsolicited bulk messages (spam)<\/li>\n<\/ol>\n<\/div>\n<h2>The Arex security team commitment:<\/h2>\n<p>We ask that you do not share an unresolved vulnerability with, or publicize it to, third parties. If you responsibly submit a vulnerability report, the Arex security team and associated development organizations will use reasonable efforts to:<\/p>\n<ul>\n<li>Respond in a timely manner, acknowledging receipt of your vulnerability report<\/li>\n<li>Provide an estimated time frame for addressing the vulnerability report<\/li>\n<li>Notify you when the vulnerability has been fixed<\/li>\n<\/ul>\n<p>We are happy to thank every individual researcher who submits a vulnerability report helping us improve our overall security posture at Arex.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/www.okta.com\/vulnerability-reporting-policy\/ https:\/\/aws.amazon.com\/security\/vulnerability-reporting\/ https:\/\/www.rapid7.com\/security\/disclosure\/ https:\/\/hackerone.com\/cloudflare?type=team https:\/\/hackerone.com\/cloudflare\/safe_harbor https:\/\/hackerone.com\/baidu?type=team &nbsp; Reporting Suspected Vulnerabilities \u00a0If you would like to report a vulnerability or have a security concern regarding Arex cloud<span class=\"excerpt-hellip\"> 
[\u2026]<\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1911","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/arexgo.com\/APP\/wp-json\/wp\/v2\/pages\/1911","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/arexgo.com\/APP\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/arexgo.com\/APP\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/arexgo.com\/APP\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/arexgo.com\/APP\/wp-json\/wp\/v2\/comments?post=1911"}],"version-history":[{"count":0,"href":"https:\/\/arexgo.com\/APP\/wp-json\/wp\/v2\/pages\/1911\/revisions"}],"wp:attachment":[{"href":"https:\/\/arexgo.com\/APP\/wp-json\/wp\/v2\/media?parent=1911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}