Introduction
Commtel is dedicated to safeguarding the security and integrity of our digital infrastructure and the data entrusted to us. We recognize the invaluable role that the broader cybersecurity community plays in enhancing our security posture by identifying and responsibly reporting security vulnerabilities. This Vulnerability Disclosure Policy defines our framework for the responsible disclosure of security vulnerabilities within Commtel’s systems, applications, and services.
Scope
This policy applies to all individuals, security researchers, and organizations who discover potential security vulnerabilities within Commtel’s digital assets and are willing to collaborate with us to address these issues.
Responsible Disclosure
We actively encourage security researchers and anyone who identifies a potential security vulnerability to responsibly disclose their findings to us. To report a vulnerability, please follow the comprehensive guidelines outlined below:
Reporting Process
Report your findings to security@commtel.io, providing a detailed and clear description of the vulnerability, including the following:
- Affected System or Application – Specify which system or application is affected by the vulnerability.
- Vulnerability Details – Provide a detailed explanation of the vulnerability, including the exact nature of the issue and the potential impact.
- Reproduction Steps – Clearly outline the steps necessary to reproduce the vulnerability.
- Contact Information – Include your full name and a secure method of contact.
- Subject Line – Use the subject line “Commtel Vulnerability Report” in your email.
Response
- Acknowledgment – Upon receipt of your report, Commtel will send an initial acknowledgment within 5 working days.
- Investigation – Our security team will conduct a thorough investigation to assess the severity and validity of the reported vulnerability.
- Remediation – If the vulnerability is confirmed, we will work diligently to address and remediate it as promptly as possible.
- Communication – We will maintain open and transparent communication with you throughout the remediation process to keep you informed of our progress.
Coordination
We greatly value the contribution of security researchers. Therefore, we may, with your consent, publicly acknowledge your efforts and contributions to our security enhancements when appropriate.
Guidelines
To ensure responsible disclosure, we request that you adhere to the following guidelines:
- Confidentiality – Do not disclose the vulnerability publicly or to any third party until Commtel has been provided with a reasonable amount of time to investigate and address the issue.
- Responsible Testing – Do not engage in activities that could lead to unauthorised access, data leakage, or service disruption.
- No Unauthorised Sharing – Do not share the details of the vulnerability with any parties other than Commtel.
Legal Protections
Commtel is committed to fostering a cooperative and supportive environment for security researchers. We will not initiate legal action against individuals or organizations acting in good faith and in accordance with this policy. We are also dedicated to safeguarding your privacy and ensuring transparency throughout the disclosure process.
Contact Information
For vulnerability reports or inquiries related to this policy, please contact our security team at security@commtel.io.
Revision and Updates
This Vulnerability Disclosure Policy may be periodically updated. Any modifications will be promptly posted on our official website.