The Causeway Security Disclosure Policy
Causeway takes the protection of our customers’ data very seriously and acknowledges the valuable role that well-intentioned independent security researchers play in internet security. As such, we welcome responsible reporting of any security vulnerabilities that may be found in our site or applications. A security vulnerability is something which impacts the confidentiality, integrity, or availability of Causeway data, its applications or its systems or its customers’ data.
Causeway is committed to working with security researchers to verify and address any potential security vulnerabilities that are reported to us.
Causeway will not seek prosecution of any security researcher who reports any suspected security vulnerability in good faith and in accordance with this policy.
Please review these terms before you test and/or report a vulnerability.
Reporting a potential security vulnerability
Full details of the suspected security vulnerabilities should be privately reported by sending an email to firstname.lastname@example.org
Whilst we welcome responsible reporting of security vulnerabilities, you must not:
- Disrupt any Causeway or its customers’ services or systems
- Perform actions that may negatively affect Causeway, its customers or its users (e.g. spamming denial of service attacks etc)
- Access, destroy or corrupt, or attempt to access, destroy or corrupt, data or information that does not belong to you
- Conduct any type of physical or electronic attack on Causeway personnel, property or its partners’ data centres
- Social engineer or violate the privacy of any Causeway personnel
- Breach any laws or any agreements in order to discover security vulnerabilities
What you can expect from Causeway
Please do not share or publicise an unresolved security vulnerability with any third parties. If you responsibly submit a vulnerability report, the Causeway security team will use reasonable efforts to:
- Acknowledge receipt of your vulnerability report in a timely manner
- Try to validate and reproduce the issue and will prioritise through our internal process
- Notify when the vulnerability has been resolved
- Thank every individual who submits a vulnerability report helping us improve Causeway’s security.
For any feedback or queries relating to this policy, please email email@example.com