Vulnerability reporting

How to report a vulnerability in a Biofidelity system or service

We appreciate reports of suspected vulnerabilities in any Biofidelity services or systems. We don’t currently operate a public bug bounty program or offer monetary rewards for vulnerability reports. However, individuals may be acknowledged in product release notes as appropriate.

Please avoid reporting:

  • Non-exploitable vulnerabilities, or observations that our services are configured in a manner you believe could be improved, e.g. missing HTTP security headers or sub-optimal email-related configuration (SPF, DKIM, DMARC, etc.).
  • TLS configuration weaknesses, for example weak cipher suite support or the presence of TLS 1.0 support.

If you believe you have discovered a vulnerability in a Biofidelity service or system, please report it to: security@biofidelity.com.

To help us evaluate your report as quickly as possible, please include:

  • Date and time you first made the discovery
  • URL(s)/IP(s) where you found the issue
  • The steps to reproduce or a proof-of-concept
  • Any relevant tools used (including the version) and the output

We take all vulnerability reports very seriously and aim to quickly respond and verify the vulnerability before taking action to address it. After an initial reply to acknowledge receipt of your disclosure, we will update you periodically with our progress and remediation status.

Email Encryption

You can use the PGP key ID C87919D8 with fingerprint 74BA BC36 A35B 0636 67C5  0128 26B0 CEB8 C879 19D8 to encrypt email to security@biofidelity.com.