Vulnerability Disclosure Policy (VDP)
Last updated: September 28, 2024
Introduction
Elara Aerospace is dedicated to maintaining the security of our systems and protecting user data. This Vulnerability Disclosure Policy outlines how security researchers can report vulnerabilities in our systems and what to expect in return.
Scope
This policy applies to:
- All internet-facing systems and applications owned and rented by Elara Aerospace.
- Specific types of vulnerabilities, including but not limited to:
  - Cross-Site Scripting (XSS)
  - SQL Injection (SQLI)
  - Remote Code Execution (RCE)
  - Authentication Flaws
Reporting a Vulnerability
To report a vulnerability, please follow these guidelines:
- Submission Method: Reports can be submitted via team@elara-aerospace.com.
- Required Information:
  - A detailed description of the vulnerability.
  - Steps to reproduce the issue.
  - Any relevant technical details or proof-of-concept code.
- Anonymous Reporting: Researchers may submit reports anonymously but are encouraged to provide contact information for follow-up.
Safe Harbor
If you report a vulnerability in accordance with this policy:
- Elara Aerospace will not pursue legal action against you.
- You must act in good faith, avoiding any actions that could harm our systems or data integrity.
- Do not exploit the vulnerability beyond what is necessary to demonstrate its existence.
Response Timeline
Upon receiving your report, we commit to:
- Acknowledge receipt within 72 hours (up to one week during semester holidays).
- Provide updates on remediation progress within a specified timeframe.
Expectations from Researchers
Researchers are expected to:
- Conduct testing in a manner that does not disrupt services or compromise user data.
- Keep details of the vulnerability confidential until it has been resolved.
- Avoid using automated scanning tools or denial-of-service attacks.
Conclusion
We appreciate your efforts in helping us secure our systems. By following this policy, you contribute to enhancing the security of Elara Aerospace and protecting our members, our users and our mission.