At IT Glue, one of our core values is Trust:
|Champion complete vigilance for the privacy and security of information. Show respect through accountability; responsibility assumed; and ownership taken. Transparently. Willingly. Effectively.|
As such, we take each and every security incident extremely seriously. Our internal processes and security compliance standards guide how we review reports or remediate possible vulnerabilities.
In an effort to maintain utmost confidentiality and protect partner data and security, we take additional steps to move all security-related discussions offline, reducing any and all public visibility until we have properly assessed the situation.
Our Responsible Security Reporting and Disclosure policy invites the disclosure of security vulnerabilities in a responsible and ethical manner. If you're a user, partner, or security researcher, and you think you've found a possible vulnerability with IT Glue, please follow the steps below:
- Report any potential security bugs and vulnerabilities to us by email.
- Kindly give us an opportunity to respond before making any public disclosure or comments about the vulnerability.
- Do not share, access, or modify any data without account owner permission.
- Act in good faith and do not maliciously degrade the performance of our services (including denial of service).
Following these basic guidelines, we will all be better equipped to help keep data safe. Thank you in advance for your consideration of and abidance with this policy.