Vulnerability Disclosure Program

Spekit, Inc.: Vulnerability Disclosure Policy

Thank you for taking interest in the security of Spekit, Inc.. We value the security of our customers, their data, and our services. In an effort to protect our digital ecosystem, we’ve created this page to allow security researchers from around the world to report any potential security issues they may have found.

Our commitment to you:

  • Maintain trust and confidentiality in our exchanges with researchers who report to the program.
  • To treat everyone who contributes with respect and we appreciate your contribution to keeping us and our customers safe and secure.
  • To work with you to validate and remediate reported vulnerabilities
  • To investigate and remediate issues in a manner consistent with protecting the safety and security of our cloud customers. Addressing a valid reported vulnerability will take time. This will vary based on the severity of the vulnerability and the affected systems.

Our ask of you:

  • Trust. As we promise to maintain trust and confidentiality with you, we ask that you do the same with us. We ask that you do not disclose any information regarding your submission’s details without express written permission from our team.
  • Please provide as much information in your submission. It is vital to provide clear reproduction steps regarding your finding so that we may validate the report in a timely manner.
  • Adhere to the out of scope section below.
  • Please make sure to add your email address to the submission, so we can get in touch with you about any technical details as needed.

Out of scope:

  • Testing the physical security of our offices, employees, equipment, etc.
  • Conducting non-technical attacks such as social engineering or phishing attacks.
  • DoS/DDoS or any other testing that would impact the operation of our systems.
  • Accessing, downloading, or modifying data residing in an account that does not belong to you.
  • Testing that would result in sending spam or other unsolicited messages.
  • Testing third-party applications or services.
  • Defacing any of our assets.

Below you will find the form where you can submit your finding. Please remember to include as much information in a clear manner to help facilitate validation. It is highly recommended that you provide your email address to ensure you can claim your submission and continue communication as needed.