Call Centre Vulnerability Disclosure Program & Platform
What is the VDP?
Safeguarding the security and integrity of the Narisetu Solutions platform is critical to the service we provide to our customers, and we are dedicated to providing a secure product. We acknowledge and value the experience that the security research community frequently provides, and Narisetu Solutions recognizes that developing a close relationship with the community will help improve our own security.
If you have discovered or believe you have discovered potential security vulnerabilities within Narisetu Solutions services, we urge you to disclose your discovery to us in accordance with this Responsible Disclosure Program. Please be aware that this program has no monetary awards.
Where Do I Start?
Discovering Security Vulnerabilities
We encourage responsible security research on the Narisetu Solutions services and products. Upon prior written approval, we permit you to conduct vulnerability research and testing on the Narisetu Solutions Services to which you have authorized access. Requests are to be sent to naarisetusolutions@gmail.com.
In no scenario shall your research and testing involve:
- Accessing, or attempting to access, accounts or data that do not belong to you or your Authorized Users,
- Any attempt to modify or destroy any data,
- Executing, or attempting to execute, a denial of service attack,
- Sending, or attempting to send, unsolicited or unauthorized email, spam or other forms of unsolicited messages to any Narisetu Solutions employee or contractor,
- Testing third party websites, applications or services that integrate with Narisetu Solutions Services,
- Posting, transmitting, uploading, linking to, sending or storing malware, viruses or similar harmful software, or otherwise attempting to interrupt or degrade the Narisetu Solutions services, and
- Any activity that violates any applicable law, or breaches any agreements in order to discover vulnerabilities.
Issues not to Report
- Disclosure of known public files or directories (e.g. robots.txt)
- Banner disclosure on common/public services
- HTTP/HTTPS/SSL/TLS security header configuration suggestions
- Lack of Secure/HTTPOnly flags on non-sensitive cookies
- Phishing or Social Engineering Techniques
- Presence of application/web browser 'autocomplete' or 'save password' operations
- Sender Policy Framework (SPF) configuration suggestions
- DMARC configurations
- Clickjacking / UI Redressing
Reporting Security Vulnerabilities
Pending written approval from Narisetu Solutions to conduct the research, if you believe you have discovered a security vulnerability issue, please share the details with Narisetu Solutions by filling in the form below.
Safe Harbor
When conducting vulnerability research according to this policy, we consider this research to be:
- Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
- Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
- Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
- Lawful, helpful to the overall security of the Internet, and conducted in good faith.
You are expected, as always, to comply with all applicable laws.
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please inquire via naarisetusolutions@gmail.com before going any further.
Narisetu Solutions Security Team Commitment
Please understand that your research is considered the Confidential Information of Narisetu Solutions and any publication, reproduction or other distribution of any of the research is expressly prohibited without Narisetu Solutions’s prior written consent. If you responsibly submit a vulnerability report, the Narisetu Solutions security team and associated development organizations will use reasonable efforts to:
- Respond in a timely manner, acknowledging receipt of your vulnerability report
- Provide an estimated time frame for addressing the vulnerability report
- Notify you when the vulnerability has been fixed