Responsible Disclosure Policy for Illumio.com
Illumio cares deeply about maintaining the trust and confidence that our customers place in us. Therefore, the security of our products and services is of paramount importance to us. If you are a security researcher and have discovered a security vulnerability in one of our products and services, we appreciate your help in disclosing it to us in a responsible manner. Illumio endeavors to engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy and the HackerOne Disclosure Guidelines. Illumio reserves all legal rights in the event of any noncompliance.
We encourage security researchers to share the details of any suspected vulnerabilities with the Illumio Information Security Team by providing the information in the form below (https://hackerone.com/illumio). Illumio will review the submission to determine if the finding is valid and has not been previously reported. At Illumio’s discretion, you may be eligible for monetary compensation for your efforts. We require security researchers to include detailed information with steps for us to reproduce the vulnerability.
If you identify a valid security vulnerability in compliance with this Responsible Disclosure Policy and the HackerOne Disclosure Guidelines, Illumio commits to:
- Working with you to understand and validate the issue
- Addressing the risk if deemed appropriate by the Illumio team
ALL SUBMISSIONS ARE STRICTLY CONFIDENTIAL. TO BE ELIGIBLE TO PARTICIPATE IN THE PROGRAM, YOU AGREE TO KEEP YOUR SUBMISSIONS CONFIDENTIAL, AND NOT TO DISCLOSE YOUR SUBMISSIONS TO ANY THIRD PARTY, WITHOUT OUR PRIOR WRITTEN CONSENT. In addition, to remain compliant you are prohibited from:
- executing or attempting to execute any “Denial of Service” attack
- posting, transmitting, uploading, linking to, sending, or storing any malicious software
- testing in a manner that would result in the sending of unsolicited or unauthorized junk mail, spam, pyramid schemes, or other forms of duplicative or unsolicited messages
- testing in a manner that would degrade the operation of any Illumio properties