Biscom Responsible Disclosure Program
The information on this page is intended for anyone interested in responsibly reporting security vulnerabilities to the Biscom security team.
If you believe you have identified a potential security vulnerability, please share it with us following the guidelines below. Please note Biscom does not operate a bug bounty program and we make no offer of reward or compensation for sharing potential security vulnerabilities.
For all submissions, please include your contact information and we will respond with a method to provided us the following information securely:
- Steps to reproduce the vulnerability (screen captures are welcome)
- Sites, service, or product that the vulnerability was discovered in
- Tools used
When working with us according to this policy, you can expect us to work with you to understand and validate your report, including a timely initial response to the submission. For the protection of our customers, Biscom generally does not disclose, discuss, or confirm security issues until a full investigation is complete and any necessary patches or releases are available.
To report security or privacy issues that affect Biscom products, services, or web servers, please contact: [email protected]. Biscom commits to responding to all submissions within two business days. We will do our best to keep you apprised of the status of all your submissions.
- Do not engage in any actions that could negatively impact the customers experience on our websites, services, or applications for Biscom customers.
- Do not take any actions that could potentially or literally cause harm to our customers or employees.
- Do not engage in any activity that violates (a) federal or state laws or regulations or (b) the laws or regulations of any country where (i) data, assets or systems reside, (ii) data traffic is routed or (iii) the researcher is conducting research activity.
- Do not store, share, compromise or destroy any Biscom or customer data. If non-public information is encountered, you should immediately cease all activity, purge the data from your system and contact Biscom. This serves to protect both Biscom and you.
- Do not attempt to scan, probe, or gain access to any portions of Biscom’s services, networks, and products.
- Do not attempt to access data which you have not already been granted explicit access.
- Do not perform social engineering attacks against Biscom employees, customers, partners, or representatives
- Do not perform physical security attacks against any person or entity
- Do not perform denial of service or brute force attacks
While engaging with us, we ask that reporters honor responsible disclosure principles and processes and give Biscom an opportunity to evaluate, respond, and if necessary, remediate any confirmed security vulnerabilities prior to public disclosure.