Responsible Disclosure

At ALF Assist, we are committed to excellence, not only in the services we provide but also in the security and reliability of our systems. Our responsible disclosure page underscores our dedication to digital safety. We believe in collaboration and transparency to maintain the highest levels of security. If you’ve discovered a vulnerability in our website and/or systems, we encourage you to share it with us so we can work together to resolve it. Your insights help us enhance our services and ensure the protection of our clients.

 

Let’s collaborate to create a safer digital environment, as dependable and efficient as the support we offer.

Responsible Disclosure

At ALF Assist, the security of our systems is a top priority. However, no matter how much effort we put into ensuring system security, vulnerabilities can still be present. If you discover a vulnerability, we would greatly appreciate it if you could inform us so we can take immediate action to address the issue. Your assistance in protecting our clients and our systems is invaluable.

We strive to resolve any problems as quickly as possible, and we are committed to playing an active role in the publication of the resolution once the issue has been addressed.

What We Expect:

  • Email your findings to [email protected].
  • Encrypt your findings using our PGP key to ensure that critical information does not fall into the wrong hands.
  • Do not exploit the vulnerability or problem you have discovered. For example, avoid downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people’s data.
  • Do not disclose the problem to others until it has been fully resolved.
  • Refrain from using attacks on physical security, social engineering, distributed denial of service (DDoS), spam, or applications of third parties.
  • Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Typically, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but more complex vulnerabilities may require further explanation.

What We Promise:

  • We will respond to your report within 3 business days with our evaluation of the report and an expected resolution date.
  • If you have followed the instructions above, we will not pursue any legal action against you regarding the report.
  • We will treat your report with strict confidentiality and will not share your personal details with third parties without your permission.
  • We will keep you informed of the progress toward resolving the issue.
  • In any public information concerning the problem reported, we will credit you as the discoverer of the problem, unless you request otherwise.
  • As a token of our gratitude for your assistance, we might offer a small reward for every report of a security issue that was not previously known to us.

Your proactive approach to reporting vulnerabilities helps us maintain the security and integrity of ALF Assist’s systems, and we deeply value your contribution to this ongoing effort.