Security Vulnerability Reporting Policy

Introduction

At ITHeart, we take the security of our systems seriously and value the security community. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users..

Reporting a Vulnerability

If you believe you have found a security vulnerability on our website, we encourage you to let us know right away. We ask that you report the vulnerability to us in a responsible manner.

How to Report a Vulnerability

Please follow these steps to report a security vulnerability:

Encrypt Your Findings: For the security of our users, we require that any findings be encrypted using our public PGP key. The key is available at: https://www.itheart.co.uk/pgp.txt

Send Your Report: Please send your encrypted findings to da@itheart.co.uk or to the email address listed in our security.txt file on our website. Ensure your report includes a detailed description of the vulnerability, including the steps to reproduce it. This will help us in validating the issue quickly.

Stay in Communication: After you have submitted your report, we will respond as quickly as possible to acknowledge receipt of your report. We may contact you for further information if necessary.

Policy and Ethics

We ask that you: Do not exploit a security issue you have discovered for any reason. This includes demonstrating additional risk, such as attempting to extract data, attempting to view sensitive information, or impacting other users.

Do not publicly disclose the vulnerability prior to our resolution and public disclosure. We aim to resolve all security issues in a timely manner, and we will work with you to understand and resolve the issue.

Acknowledgements

We appreciate the effort and expertise it takes to discover security vulnerabilities, and we are committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us.

Commitment

ITHeart.co.uk reserves the right to make changes to this Acceptable Use Policy at any time. Your continued use of the website following the posting of changes to these terms means you accept these changes.

Upon receiving your report, ITHeart commits to:
Promptly acknowledge receipt of your report.
Provide an estimated time frame for addressing and resolving the vulnerability.
Notify you when the vulnerability is fixed.
Publicly acknowledge your responsible disclosure, with your permission.

We strive to keep our website safe for everyone, and we welcome the valuable assistance of security researchers and our community in this effort.