Security disclosure Guidelines

At White Cloak Technologies, Inc. (“WC”), we are committed to the security of our products, services, and data. We value the contributions of security researchers, ethical hackers, and the general public in identifying and reporting potential vulnerabilities. These guidelines outline our approach to managing these reports and provide guidance on how to participate in our Vulnerability Disclosure Program (VDP).

SCOPE

These guidelines apply to all digital assets owned or managed by White Cloak, including websites, applications, and infrastructure. We welcome reports related to potential vulnerabilities in any of these assets.

Reporting Process

White Cloak has partnered with Secuna to manage our Vulnerability Disclosure Program (VDP). If you believe you have discovered a security vulnerability, please follow these steps:

  1. Sign up as a Hunter on the Secuna platform.
  2. Access White Cloak Vulnerability Disclosure Program on Secuna and read the policy and guidelines.
  3. Submit your findings through the program 

By submitting a report, you agree to adhere to both Secuna’s terms and conditions as well as White Cloak’s program policy and guidelines.

Expectations from researchers

We expect security researchers and ethical hackers to adhere to responsible disclosure practices. Specifically, we ask that you:

  • Respect the privacy of our users and not access or compromise any personal data.
  • Ensure your testing does not negatively impact our system performance or disrupt any services.
  • Follow all applicable laws and regulations while conducting your research.
  • Only use your own accounts and systems for testing purposes.
  • Keep the vulnerability confidential and not disclose it publicly until we have resolved the issue.

What Researchers Can Expect from Us

When you submit a valid vulnerability report through our VDP,  White Cloak will:

  • Acknowledge receipt of your submission.
  • Review and prioritize the report based on its potential impact.
  • Provide regular updates on the status of your submission through Secuna Platform.
  • Collaborate with you if additional information or clarification is needed to resolve the issue.
  • Offer recognition for your contribution, if applicable, once the vulnerability is resolved 
Safe Harbor
If you adhere to these guidelines and act in good faith, White Cloak Technologies commits to not pursuing legal action for security research activities conducted in compliance with our Vulnerability Disclosure Program.
 

Feedback

For feedback, questions or suggestions on this policy, please contact our security team at security@whitecloak.com. Your input is valuable for ensuring the policy remains clear, comprehensive, and relevant..