Vulnerability Disclosure Program
DMCA and Copyright Abuse Policy
Dated: 08 Jun 2021
Trint has its own in-house Vulnerability Disclosure Programme. This makes it easier to speak directly with us to report a vulnerability and have us investigate it.
If you think you have found a Vulnerability with Trint please send an email to email@example.com, providing a detailed description of a proof of concept to reproduce the vulnerability.
If you have reported an issue that is:
- determined to be within program scope;
- determined to be a valid security issue;
and you have followed program guidelines, Trint will recognise your finding and you will be allowed to disclose the vulnerability after a fix has been issued.
Typical Vulnerabilities Accepted:
- OWASP Top 10 vulnerability categories
- Other vulnerabilities with demonstrated / proven impact
- Infrastructure vulnerabilities
Typical Out of Scope:
- Informational disclosure of non-sensitive data
- Theoretical vulnerabilities
Vulnerability Disclosure Guidelines:
- Work directly with Trint on vulnerability submissions
- Provide detailed description of a proof of concept to detail reproduction of vulnerabilities to firstname.lastname@example.org
- Do not use disruptive testing like Denial of Service or any form of action that could impact the confidentiality, integrity or availability of information and systems
- Do not engage or use social engineering or phishing of customers or employees
- Do not request compensation for any vulnerabilities discovered