Our Commitment to Researchers
- We will treat researchers in a professional manner
- We will respond without undue delay and maintain good lines of communication with researchers until vulnerabilities are mitigated
- We will adhere to the principle of good faith and repair or alleviate the problems discovered by researchers within an appropriate time frame
We ask you to
- Please report the issues you have identified clearly and completely, and help us reproduce the problem
- Before sharing or publicly disclosing any reports with third parties, please provide us with reasonable time to resolve such issues.
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
- If a vulnerability is identified or any sensitive data is encountered, you must stop testing, notify us immediately, and not disclose this data to anyone else.
Scope
- This policy applies to any digital assets owned, operated, or maintained by AiDot, including public facing websites.
Reporting a vulnerability
- If you discover any vulnerabilities in our system or related
products, please email us as soon as possible(
security@aidot.com )Report to us and provide sufficient detailed information so that we can reproduce your steps.
Please provide as much detail as possible, including:
- details of the potential vulnerability
- the product/service which may be impacted
- your contact details
What happens next
-
Reply
reply to your report within 5 working days, including determining the severity and scope of the vulnerability -
Progress
keep you informed of our progress -
Disclosure Date
agree upon a date for public disclosure -
Repair Process
determine rewards and distribute them based on the vulnerability level, exploitation difficulty,impact range, and the help you provided us during the vulnerability repair process