Responsible Disclosure Policy

RAPHACURE is committed to the safety and security of its systems and services and to the integrity of our data. We recognize the valuable role of the security research community and we welcome reports from researchers, both of potential vulnerabilities in our systems and of confidential data from or relating to our services that may be accessible by unauthorized persons.

RAPHACURE will not initiate legal action against anyone who makes a report in compliance with this policy.

Disclosure Policy

A security vulnerability is a weakness in the defenses of our services that may compromise the safety of our systems. Security researchers and others who become aware of potential vulnerabilities should make a report using the submission instructions below.

We encourage anyone who believes they have discovered a potential vulnerability, or who has become aware of unauthorized access to confidential RAPHACURE data (including customer data), to inform us immediately to help protect our customers and to improve and strengthen the confidentiality, availability and integrity of our systems.

RAPHACURE does not offer a bug bounty program or compensation for disclosure.

Disclosure Guidelines

• We will promptly investigate all reports. If your report relates to a potential vulnerability, it should contain details sufficient for us to reproduce the vulnerability.
• We require a reasonable amount of time to remediate the situation before information about the issue is made known to the public.
• Do not engage in unauthorized data access, deletion, modification or corruption.
• Do not cause service disruptions while testing the vulnerability that you discovered.
• Prohibited research activities include denial of service, spamming, social engineering (including phishing), physical attempts against RAPHACURE property or data centers, and other activities that may cause damage to RAPHACURE’s services, systems or to our or our customers’ data, including activities that impact service availability, such as vulnerability scanning tools.

Reporting Potential Vulnerabilities

The information in your report is extremely sensitive. To make a report to RAPHACURE Information Security, email to techsupport@raphacure.com

Reports should include the following information:

• Your name and contact information
• Your organization (if applicable) or LinkedIn/Twitter profile URLs
• The RAPHACURE services that may be affected
• A detailed description of the issue that you’ve discovered
• Supporting technical details, including descriptions or examples of exploit/attack code, packet captures, and steps to reproduce the issue
• Any known information about live exploits
• Your disclosure plans, if any

If RAPHACURE Information Security Group determines that a reported issue is valid, we will engage in efforts to establish controls, remediate as needed, and, as required by law or as otherwise necessary due to the risk and impact of the matter, inform those who we determine may have been affected by this issue.