NDS Systems is committed to securing our system, application, and client information. However, there are times when vulnerabilities can escape detection. In the event that one of these potential security vulnerabilities is identified, please report it to us immediately so that we may take the appropriate measures to protect our clients. We appreciate the assistance in our security efforts.
Please submit your report to firstname.lastname@example.org. Include a detailed summary of the vulnerability, including the target, steps, tools, artifacts, time/method used during the discovery, and the necessary steps for reproducing the vulnerability. If you have any screen captures available, please include them as well. We would like to contact you about the assessment and the progress of the vulnerability solution, so please include your contact information.
- Do not share information about the security vulnerabilities with a third party or disclose it publicly until NDS Systems has resolved the problem.
- Be responsible with the knowledge about the security problem. Do not engage in any actions beyond what is necessary to demonstrate the security problem that could potentially stop or degrade our services or assets.
- Do not store, share, compromise, or destroy confidential data obtained through the vulnerability in the system.
- Do not engage in any activity that violates any federal or state laws or regulations.
By responsibly submitting your findings to NDS Systems in accordance with the stated guidelines, NDS Systems agrees not to pursue legal action against you. However, NDS Systems reserves all legal rights in the event of non-compliance with these stated guidelines.
NDS Systems does not operate a Bug Bounty program. Therefore, we will make no offer of reward or compensation in exchange for submitting potential security vulnerabilities. We do, however, thank you for your submission and appreciate your assistance in our security efforts.
These vulnerabilities, we feel, are out of scope for our Responsible Disclosure Policy:
- Physical testing
- Denial of service attacks
- Resource exhaustion attacks