Responsible Disclosure Policy

At Obsidian Security, we take the security of our products and services very seriously. We are committed to protecting the confidentiality, integrity, and availability of our customers’ information and data.

As part of our commitment to security, we welcome and encourage the responsible disclosure of potential security vulnerabilities in our products and services. However, please note that we do not offer any monetary rewards for reporting potential vulnerabilities. This policy outlines our approach to managing and responding to reports of potential vulnerabilities.

Scope
  • This policy applies to all products and services offered by Obsidian Security, including software, hardware, and cloud-based services.
  • This policy does not apply to any third-party products or services that are integrated with or used in conjunction with our products and services.
  • This policy does not apply to any physical security vulnerabilities or issues related to the security of our facilities or infrastructure.
Reporting Process
  • If you believe you have discovered a potential security vulnerability in one of our products or services, please contact our security team at security@obsidiansecurity.com.
  • Please provide as much detail as possible about the potential vulnerability, including the type of vulnerability, the potential impact, and any steps you have taken to reproduce or confirm the vulnerability.
  • Please do not disclose the potential vulnerability to anyone else until we have had a chance to investigate and confirm the issue.
  • We will acknowledge receipt of your report within 48 hours and provide regular updates on the status of our investigation.
Responsible Disclosure
  • We ask that you act in good faith and with the best interests of our customers and our company in mind when disclosing potential vulnerabilities.
  • We ask that you do not attempt to access or compromise any data or systems that do not belong to you.
  • We ask that you do not attempt to engage in any activities that could be considered illegal or unethical.
  • We will not take legal action against, or pursue any penalties against, individuals who report potential vulnerabilities in accordance with this policy.

We appreciate your assistance in helping us maintain the security and integrity of our products and services. If you have any questions or concerns about this policy, please contact our security team.