Responsible Disclosure Policy

Last updated: August 3, 2022

Vareto maintains a Responsible Disclosure Policy (RDP) scoped to particular assets as identified below. You can contact us for more information or to report vulnerabilities security@vareto.com.

Policy Scope


Vareto’s Responsible Disclosure Policy covers the following products:

The scope of this policy may expand in the future as we add additional product capabilities and gain experience with this process.

Terms


Vareto will not engage in legal action against individuals who submit vulnerability reports to security@vareto.com in accordance with this policy. We openly accept reports for the Vareto products identified above. We agree not to pursue legal action against individuals who:

Submitting a vulnerability


Submit vulnerability reports to Vareto’s Product Security Team via security@vareto.com.

Report Prioritization and Acceptance Criteria


Preference will be given to reports that meet the following criteria:


What you can expect from Vareto:


Vareto reserves the right to use a neutral third party to assist in determining how best to handle the vulnerability.