Security and Vulnerability Disclosures
Here at Enablo, we take security seriously, and are committed to the security of the tech solutions we build and Enablo Platform. We recognise and love the important role that security researchers in the community play in keeping Enablo and our customers secure so if you discover a vulnerability on one of our many products or services, please notify us using the guide below.
- Share any security issues with us before making it public;
- We kindly ask you to wait until we’ve notified you that the vulnerability has been fixed before disclosing it;
- Provide as much detail as possible on how to reproduce the issue and any steps taken.
- Access unnecessary amounts of data. For example, 2 or 3 records is enough to demonstrate most vulnerabilities;
- Violate the privacy of Enablo staff, users, partners, contractors, systems, etc;
- Modify data in our system or services which is not your own;
- Disrupt our service(s) and/or systems, including attempted Denial of Service testing;
- Attempt physical or social engineering;
- Upload vulnerabilities or related data to third-party services (such as GitHub, YouTube, etc).
Reporting a vulnerability
If you have discovered a vulnerability issue which you believe is an in-scope security vulnerability, please email [email protected] and include:
- The website or page link, and/or the service in which the vulnerability exists.
- A brief description of the class of vulnerability (e.g. “XSS vulnerability”) – please keep this high level to avoid sharing the specific details of the vulnerability over an insecure channel.
- Once we have received your email alert, we will work with you to setup a secure method and channel to share specific details.
Please note: We will get back to you within 3 business days and let you know of any next steps necessary.