Vulnerability
Disclosure Policy
The security of our systems and our customers' data is our highest priority. We value the work of the security community and encourage the responsible reporting of vulnerabilities.
Our approach to disclosure
If you believe you have discovered a security vulnerability in one of our systems, please inform us immediately. We are committed to cooperating to resolve the issue as quickly as possible.
Safe harbor
We will not take legal action against individuals who responsibly discover and report vulnerabilities in accordance with these guidelines.
Entry
Ideally, send your findings to our security team in encrypted form. Include proof-of-concepts (PoCs) and steps for reproducing the issue.
reaction
We will promptly acknowledge receipt of your report and keep you updated on the progress of the resolution.
confidentiality
Please keep the information regarding this vulnerability confidential until we have resolved the issue and issued an official release.
Rules for the
Testing (Scope)
To ensure the safety and operation of our systems during your investigations, we ask that you strictly adhere to the following guidelines:
No service interruption
Avoid Denial-of-Service (DoS) attacks, spamming, or automated scans that could negatively impact performance.
Respect data privacy
Do not access user data, company data, or other confidential information. Stop the test if you encounter such data.
No social engineering
Phishing, vishing, or physical attacks on our employees or locations are strictly prohibited.
Within the scope of application:
- *.appterix.eu or *.egomind.eu
- Official software components and apps
- Open APIs and web services
Outside the scope of application (Out-of-Scope):
- Third-party or partner systems
- Lack of best practices (without exploitable proof of concept)
- Self-XSS or CSRF without significant impact
Contact & transmission:
Send your reports to: support@egomind.eu or use our contact form.