Introduction
AtScale is committed to ensuring the security and privacy of our customers. We recognize the importance of identifying and addressing security vulnerabilities in our products and services. To help us achieve this goal, we have established a Vulnerability Disclosure Program (VDP) specifically for our valued customers.
Scope
This VDP policy applies to AtScale customers who use our products and services. It is not open to the general public.
Reporting Process
If you believe you have discovered a security vulnerability in AtScale products or services, we encourage you to follow these steps to report it:
-
Submission Methods: Customers raise a ticket in the AtScale Customer Portal.
Customer Portal Link: https://customers.atscale.com
- Information Required: When reporting a security vulnerability, please provide the following information:
- Vulnerability Name
- Vulnerable URL or endpoint and version of AtScale
- Necessary Information about vulnerability
- Current Impact of this issue on business operations
Out-of-Scope Vulnerabilities
- Content spoofing/text injection.
- Previously known vulnerable libraries without a working Proof of Concept.
- Open ports without additional PoC.
- Exposed API keys without a clear demonstration of security impact.
- Missing cookie flags on non-security sensitive cookies.
Communication and Response
Upon receiving a vulnerability report, Atscale will acknowledge the receipt within the defined SLA.