Responsible Vulnerability Disclosure Policy
Introduction
TestGrid is committed to ensuring the security and privacy of our systems, products, and users. We recognize the valuable role that security researchers and the broader security community play in identifying and responsibly disclosing potential vulnerabilities. This policy outlines how we encourage and respond to responsible vulnerability disclosures.
Scope
This policy applies to all digital assets owned, operated, or maintained by TestGrid. If you identify a vulnerability in a system that is not explicitly covered, we encourage you to report it, and we will assess it on a case-by-case basis.
Reporting a Vulnerability
If you have discovered a security vulnerability, please report it to us by sending an email to info@testgrid.com with the following details:
- A detailed description of the vulnerability, including affected systems, services, or applications.
- Steps to reproduce the issue, including any proof-of-concept code if applicable.
- Potential security impact and possible exploitation scenarios.
- Your contact information for follow-up.
Our Commitment
When a vulnerability is reported in good faith and in compliance with this policy, we commit to:
- Acknowledging receipt of the report within 2 business days.
- Providing an estimated timeline for our investigation and resolution efforts.
- Keeping you informed on the progress of the remediation process.
- Recognizing your contribution publicly (if desired) once the issue is resolved.
Responsible Disclosure Guidelines
To ensure the security of our users and systems, we ask that researchers:
- Avoid accessing, modifying, or deleting user data without explicit permission.
- Not publicly disclose the vulnerability until we have had sufficient time to address it.
- Comply with applicable laws and refrain from engaging in any actions that could cause harm.
Safe Harbor
We will not pursue legal action against researchers who, in good faith, adhere to this policy and conduct their research in a responsible manner. However, this policy does not grant immunity if laws are violated.
Out of Scope
The following activities are considered out of scope:
- Denial-of-Service (DoS) attacks or testing that degrades system performance.
- Social engineering, phishing, or attacks against our employees, customers, or partners.
- Physical security attacks against our offices, data centers, or employees.
- Vulnerabilities in third-party applications or services that we do not control.
Contact Us
For questions or concerns about this policy, please contact info@testgrid.com.
Thank you for helping us improve the security of TestGrid!









