Last updated: 6 April 2020
We take the security of all of our customers, engineers and users very seriously. We also greatly appreciate investigative work into security vulnerabilities that is carried out by well-intentioned, ethical security researchers. We are committed to collaborating with this community to investigate and resolve security issues. The purpose of this policy is set out how we will work with our users and security researchers to improve ITARMI’s online and platform security.
If you are unsure at any stage whether the actions you are thinking of taking are acceptable or within the scope of this policy, please contact our Information Security Team for guidance at firstname.lastname@example.org. Please do not include any sensitive information in this type of communication.
Please only report vulnerabilities relating to the following products:
We are primarily interested in hearing about the following vulnerability categories:
This policy is designed to be compatible with good practice among well-intentioned security researchers. Therefore, ITARMI will not seek to prosecute any security researcher who reports a security vulnerability in good faith and in accordance with the scope and procedure of this policy.
Security researchers must not:
We request that all data retrieved during security research is securely held and then securely deleted as soon as it is no longer required (and, in any case, within 1 month after the vulnerability has been resolved).
If you have discovered a security issue which you believe is within the scope of this policy, please e-mail us your report at email@example.com.
What we would like to see in your report:
Please do not include any details in your initial report that would allow reproduction of the security issue. Our Information Security Team will request this information at a later stage, using encrypted communications.
By following the above criteria, you will allow our Information Security Team to give your report higher priority in reviewing, validating and resolving the security issue.
What you can expect from us:
This policy will evolve over time and your input will help us to ensure that it remains clear, complete and relevant. Therefore, if you wish to provide any feedback on this policy, please contact our Information Security Team at firstname.lastname@example.org.
Let's keep the wildebeest of our world crossing rivers like the Mara. Yes, there will be crocodiles in wait and, yes, some of us will perish, but a vast majority will make it!
Our CEO Brett Riley talking about the affects Covid-19 has had on ITARMI and the changes we have had to make as a company to navigate through these difficult and uncertain times.