English
Skip to content

Responsible disclosure

At SysArc, we consider the security of our systems - our network and our products - extremely important. Despite our efforts for effective security of our systems, a weak spot is possible. If you have found a weak spot in one of our systems, please let us know straightaway so we can take appropriate measures as quickly as possible.

Weak spots can be discovered in two ways: coincidently as part of the regular use of the digital environment or intentionally by looking for a security vulnerability (with automated tools). Our responsible disclosure policy is not an invitation to actively scan our corporate network to discover vulnerabilities. We would like to work with you to better protect our customers and our systems.

We ask you to

  • Email your findings as soon as possible to itsupport@sysarcinfomatix.com not to abuse the problem by, for example, downloading more data than is necessary to demonstrate the leak or to view, delete or modify data from third parties.
  • Not share the problem with others until it is resolved and promptly delete any confidential information which may have been obtained through the leak.
  • Not to use hacking tools that adversely affect the availability of our systems such as SPAM or DDOS tools; provide sufficient information to reproduce the problem to ensure we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the  vulnerability is sufficient, but more complex vulnerabilities may require more.
  • We will respond to your report within 30 business days with our assessment of the report and an expected resolution date; if you have adhered to the above conditions, we will not take legal action against you regarding the report.
  • We will treat your report confidentially and will not share your personal information with third parties without your permission unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible.
  • We will keep you informed of the progress of solving the problem; however, we cannot offer any reward for the report of an unknown security issue. We strive to resolve all issues as quickly as possible.