GreyB | Responsible Disclosure

Overview

GreyB is committed to the security of our systems, products, and our customer information. We appreciate the valuable contributions of the Cyber Security community. In order to work with us better, we'd like to share a few guidelines on reporting vulnerabilities to us. We expect that each security researcher aligns with our core values throughout their engagement with us. This will help facilitate a collaborative working environment and instills trust in all participants of the engagement.

If you believe you have identified a potential security vulnerability, please share it with us by following the submission guidelines below.

Vulnerability submissions

Our vulnerability disclosure program is hosted and managed by Sprinto.

Guidelines

• Provide GreyB with all appropriate information to quickly resolve the issue and minimize confusion around what was discovered and how.
• Keep communication channels open to allow effective collaboration.
• Do not engage in any activity that can potentially or actually cause harm to GreyB, our customers, or our employees.
• Do not engage in any activity that can potentially or actually stop or degrade GreyB services or assets.
• Do not store, share, compromise, or destroy GreyB or customer data. If Personally Identifiable Information (PII) is encountered, you should immediately halt your activity, purge related data from your system, and immediately contact GreyB. This step protects any potentially vulnerable data, and you.
• Do not engage in any activity that violates:
  • Federal or state laws or regulations
  • The laws or regulations of any country where:
    • Data, assets, or systems reside,
    • Data traffic is routed, or
    • The researcher is conducting research activity.
• Keep information about any vulnerability you’ve discovered confidential between yourself and until we have had at least 90 days to review and resolve the issue. It is important to note that the timeframe for us to review and resolve an issue may vary based upon a number of factors, including the complexity of the vulnerability, the risk that the vulnerability may pose, among others. vulnerability may pose, among others.

What can you expect from us

• We will work with you to understand and resolve the issue in an effort to increase the protection of our customers and systems.
• When you follow the guidelines that are laid out above, we will not pursue or support any legal action related to your research.
• We will respond to your report within 7 business days of submission.
• We do not operate a bug bounty program, and we make no offer of reward or compensation in exchange for submitting potential issues.

Report Vulnerability

Please report any potential security vulnerabilities to us by following the submission guidelines below.

• Summary

  Help us get an idea of what this vulnerability is about.

• Description

  Describe the vulnerability and its impact. Provide proof-of-concept or steps to replicate it.

• URL / Location of vulnerability (optional)

  For example: https://secure.server.com/some/path/file.php

• Evidence link (optional)

  Share the link to the proof-of-concept scripts, screenshots, screen recordings, or other relevant files. Ensure that the necessary viewing access is granted.

Please contact us at support@greyb.com to report the vulnerability.