LogicGate takes the protection of our customers' data very seriously and acknowledges the critical role that independent security researchers play in ensuring the safety and security of our customers. In an effort to protect our digital ecosystem, we’ve created this page to allow security researchers to report any potential security issues they may find.
Vulnerability Disclosure Program (VDP)
If you have discovered or believe you have discovered potential security vulnerabilities in a LogicGate service that is within the scope set forth below, we encourage you to promptly disclose your discovery to us in accordance with the policies and procedures outlined on this page.
The LogicGate InfoSec Commitment
- Maintain trust and confidentiality in our exchanges with researchers who report to the program and comply with the terms of this VDP. For submissions that are valid and comply with the terms of this VDP
- Provide acknowledgement of receipt.
- Provide an estimated time frame for addressing the report.
- Notify you when the vulnerability has been validated and fixed.
What we ask of you:
- Trust. As we promise to maintain trust and confidentiality with you, we ask that you do the same with us. We expect you not to disclose any information regarding your submission’s details without express written permission from our team.
- Well-written English reports. Please provide as much information in your report as made available in the below submission form.
- Adhere to scoping and terms outlined in this policy
Safe Harbor
Activities conducted in a manner consistent with this policy and in good-faith will be considered authorized conduct and we will not initiate legal action against you. That means that researchers must submit potential vulnerabilities through our Vulnerability Reporting Form below. Additionally, LogicGate will not pursue legal action against individuals who: report vulnerabilities within the scope of the VDP, conduct research without harming LogicGate or its customers or end-users, obtain permission/consent from any customer before attempting to conduct any research which may impact a customer (i.e., before testing their software, systems, etc.), and adhere to all applicable laws when conducting research including the laws of the State of Illinois, U.S. federal law, and the laws governing the location of the researcher), and refrain from publicly disclosing vulnerability details before a mutually-agreed upon timeframe expires.
LogicGate does not permit the following types of security research:
- Testing the physical security of our offices, employees, equipment, etc.
- Conducting non-technical attacks such as social engineering or phishing attacks against LogicGate employees, contractors, vendors, or service providers.
- Denial of Service (DOS) attacks or any other testing that would degrade or otherwise materially impact the operation of our systems.
- Accessing, downloading, or modifying data residing in an account that does not belong to you.
- Testing that would result in sending bulk messages (e.g., spam) or other unsolicited messages.
- Testing third party applications or services.
- Knowingly transmitting, posting, uploading, linking to, or sending malware or malicious code of any type when conducting research.
- Defacing any of our assets.
Additional Terms:
- If we are unable to resolve communication issues or other problems, LogicGate may retain a neutral third party (e.g., CERT/CC , ICS-CERT, or the relevant regulator) to assist in determining how best to handle the vulnerability.
- LogicGate may adjust the scope of its VDP and the terms of this Policy as our security needs evolve or as otherwise needed.
Submit your vulnerability report, including all findings, relevant information, and supporting documentation to the following email address: [email protected]. Please remember to include as much information in a clear manner to help facilitate validation.
LogicGate reserves the right to periodically update this VDP Policy in its sole discretion.