Responsible Disclosure Program Terms of Use

Thank you for offering to share information regarding a security vulnerability with us. The security of our applications and the data we are responsible for protecting is important to us and we are grateful for any information you can share with us about how we can further improve it.
By submitting a vulnerability report, you are agreeing to the terms below (the “Terms of Use”), which are intended to protect both you and us.
Safe Harbor. If you submit a vulnerability report to us, using the process outlined below, in compliance with all of the terms in these Terms of Use, we will not pursue civil action or initialize a complaint to law enforcement against you for accessing our systems without authorization in order to identify that vulnerability.
Submission Process. Please submit all vulnerability reports to us (in Contact section). In each report submitted, include:
a. a description of the vulnerability;
b. the URL, IP address, port, or other information that would assist us in locating the vulnerability;
c. detailed and clear steps to reproduce the issue (including logs, screenshots, responses, or other evidence) or proof of concept code;
d. how you found the issue;
e. presumed impact;
f. any remediation steps you would suggest; and
g. your name and contact details

Scope. You may not access any individual workstation, or system, network, content, application or data of any third party, in connection with this program. The safe harbor described above does not apply to any such system, network content, application or data.

No Access to Personal Data or Misuse of Data. By participating in this program, you represent that you have not at any time accessed personal data of our customers or users found on our systems, and that, in the event that you inadvertently acquired any, you have securely deleted that data. You represent that you have not, and covenant that you will not, misuse any data extracted from our environment for any fraudulent, malicious, defamatory, abusive, threatening, unlawful or otherwise improper purpose.

Intellectual Property Rights. By submitting information relating to a vulnerability, you grant us a perpetual, worldwide, royalty-free, fully paid-up license to use and disclose any information you submit, including any proofs of concept, patches, improvements, suggestions, code samples or any other information, in connection with the vulnerability to analyze, remediate or improve our systems and networks, incorporate it into our products or services, and to conduct further testing, or for any other legitimate business purpose. We do not grant you any intellectual property rights to any image, information, writing, invention, code or other creation in connection with these Terms of Use.

Independent Contractor. Nothing in connection with your submission of a vulnerability shall indicate the you are an employee of DHB (DHB-Danny Helpbright) Value Toolkit and the relationship between you and DHB Value Toolkit shall not constitute a partnership, joint venture or agency. You shall not have the authority to make any statement, representation or commitment on DHB Value Toolkit's behalf.

Disclaimer of Liability and Obligation. DHB Value Toolkit shall not be liable to you in connection with these Terms of Use for any direct, indirect, exemplary, incidental, special or consequential damages. Unless otherwise agreed by DHB Value Toolkit , any information submitted by you in connection with a vulnerability is provided at no charge and DHB Value Toolkit shall not owe you any fee for that submission or any services performed or expenses incurred.

Encrypted Messages. Please use our PGP key posted in the collapsible element below to send an encrypted message.