One of our core values is Trust:
Champion complete vigilance for the privacy and security of information. Show respect through accountability; responsibility assumed; and ownership taken. Transparently. Willingly. Effectively.
As such, at IT Glue we take each and every security incident extremely seriously, and we have internal processes and security compliance standards that guide how we review reports or remediate possible vulnerabilities.
In an effort to maintain utmost confidentiality and protect partner data and security, we will take additional steps to move all security-related discussions offline, reducing any and all public visibility until we have properly assessed the situation.
Our Responsible Security Reporting and Disclosure policy invites the disclosure of security vulnerabilities in a responsible and ethical manner. If you're a user, partner, or security researcher, and you think you've found a possible vulnerability with IT Glue, please follow the steps below:
- Potential security bugs and vulnerabilities should be reported to us by email.
- Give us an opportunity to respond before making any public disclosure or comments about the vulnerability.
- Do not share, access, or modify any data without account owner permission.
- Act in good faith, and do not maliciously degrade the performance of our services (including denial of service).
Following these basic guidelines, we will all be better equipped to help keep data safe. Thank you in advance for your consideration of, and abidance with this policy.