Our experiences shape who we are. We are the memories that we keep from these experiences .

Protect Your Business From All Threats

Our Vision is to build the most effective and affordable cybersecurity technology and services for website security and performance.

Rock Solid Firewall

Add a much-needed layer of security to your Content Management System and ensure every single vulnerability is uncovered.

Scan For Vulnerabilities

There are a hundred and one ways your site could get hacked, and you need to secure every single one of them.

Build Custom Security Rules

You have worked hard to build a brand and a relationship with your customers. But it could all be lost.

We Improve the ability of making decisions timely and demonstrate impact, value, and relevance to help maintain a ready digital defense .

Vulnerability Disclosure Policy

Purpose

To educate the vendor of the vulnerability and risk reduction through vendor patch or workaround development

Bulletproof to understand how the vendor intends to fix the vulnerability and risk reduction through developing protections in Bulletproof’s products and services

Education of the information security community and the public at large about the vulnerability and risk reduction through spreading awareness of a vendor patch/workaround as well as protections and security controls that can prevent exploitation of the vulnerability

Aims

Education of the vendor regarding the vulnerability and risk reduction through vendor patch or workaround development

Education of Bulletproof on how the vendor intends to fix the vulnerability and risk reduction through developing protections in Bulletproof’s products and services

Education of the information security community and the public at large about the vulnerability and risk reduction through spreading awareness of a vendor patch/workaround as well as protections and security controls that can prevent exploitation of the vulnerability

Definitions

The vendor is the individual, group, or company that maintains the software, hardware, or resources that are related to the vulnerability

The date of contact is the point in time when Bulletproof initially contacts the vendor about the vulnerability

All dates, times, and time zones are relative to location of Bulletproof’s geographical location

All day counts are calendar

Policy

The vendor will be given 14 days from the date of contact for an initial response. Within the 14 days, three attempts at contact will be made. Should no contact occur by the end of 14 days, Bulletproof will evaluate the risk to our clients and may decide to disclose the vulnerability to its clients, at a minimum.

Bulletproof will provide a best effort to honour requests from the vendor for additional information or help in reproducing the vulnerability. This will include providing configuration details and the scenario in which the vulnerability was discovered.

The vendor is responsible for providing regular status updates (regarding the resolution of the vulnerability). If the vendor discontinues communication at any stage of the process for more than 30 days after date of contact, Bulletproof will view the vendor as non-responsive and will consider public disclosure.

The vendor is encouraged to provide reasonable credit to Bulletproof and to the researcher responsible for discovering the vulnerability. Suggested (minimal) credit could be: "Credit to [researcher name] from the Penetration Testing Team at Bulletproof for disclosing the vulnerability to [vendor name]."

The vendor is encouraged to coordinate a joint public release/disclosure with Bulletproof so advisories of the vulnerability and resolution can be made available together.

The vendor will be given a maximum of 90 days after the date of contact to release a patch. After 90 days Bulletproof will consider public disclosure.

If a third party publicly discloses the vulnerability during this process, disclosure will be considered to be public and Bulletproof will work with the vendor for immediate disclosure.

If the vulnerability is being actively exploited in the wild, Bulletproof will work with the vendor on an escalated disclosure timeline potentially less than seven days after the date of contact if exploitation is experienced on a wide and public scale.

Proof of concept code or technical explanation of exploitation of a vulnerability that is rated critical may be withheld for up to 14 days after public disclosure to allow time for organisations to protect themselves.


Got some ideas for a project?

Drop us a line will be glad to here from you