Responsible Disclosure
HostSentry follows industry best-pratices for Responsible Disclosures of vulternabilities on our platform and associated vendors. We request that you follow the guidelines listed below and contact us with any questions, comments, or feedback.
Overview
Below you will find a consolidated list of our company policies, proceedures, and responsible reporting guidelines. If you have any questions, comments, or suggestions, please feel free to contact us.
Promise: Commitment to our Customers
HostSentry is dedicated to our customers and realize that they rely on us to provide mission-critical services. HostSentry has a clear, good faith commitiment to customers and other stakeholders potentially impacted by security vulnerabilities.
Scope
hostsentry.net
strata.hostsentry.net
Rewards
While we do not typically provide financial compensation, we are open to discussions based on the vulnerabilties found on our platform.
Reporting Security Issues
- HostSentry requests the reporter keep any communication regarding the vulnerability confidential.
- HostSentry investigates and verifies the vulnerability.
- HostSentry addresses the vulnerability and releases an update or patch to the software. If for some reason this cannot be done quickly or at all, HostSentry will provide information on recommended mitigations.
- HostSentry publicly announces the vulnerability in the release notes of the update. HostSentry may also issue additional public announcements, for example via social media, our blog, and media.
- Release notes (and blog posts when issued) include a reference to the person/people who reported the vulnerability, unless the reporter(s) would prefer to stay anonymous.
We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our products and services, and better protect our customers. Thank you for working with us through the above process.