Ontivity Vulnerability Disclosure Policy
PURPOSE
This policy applies to all Ontivity-owned websites, applications, and systems that are publicly accessible.
SCOPE
Ontivity is committed to maintaining the security and integrity of our systems and data.
This Vulnerability Disclosure Policy outlines how security researchers and other
individuals can report potential vulnerabilities responsibly.
Reporting a Vulnerability
Guidelines for Researchers
Our Commitment
Safe Harbor
If you discover a security vulnerability, please report it to us promptly by sending an
email to:
Include the following details in your report:
• A clear description of the vulnerability.
• Steps to reproduce the issue.
• Any supporting evidence (screenshots, logs, or proof-of-concept code).
• Do not exploit the vulnerability beyond what is necessary to demonstrate it.
• Do not access, modify, or delete data that does not belong to you.
• Do not perform actions that could degrade Ontivity services or harm users.
• Do not share vulnerability details publicly until Ontivity confirms remediation.
-
We will acknowledge receipt of your report within 5 business days.
-
We will provide updates on remediation progress.
-
We will not pursue legal action against individuals who follow this policy in good faith.
Ontivity considers activities conducted under this policy to be authorized, provided they
are carried out in good faith and within the scope defined above.
.png)
