Keeping our customer's data safe is our #1 priority. We take vulnerability disclosure seriously and work hard to protect our customer and their data.
SoWork believes that no technology is perfect and working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology.
If you would like to report a vulnerability or have any security concerns, please contact [email protected]
Disclosure Policy
- If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at [email protected]. We will acknowledge your email within one week.
- Include proof of concept, a list of tools used (including versions), and the output of the tools. We take all disclosures very seriously. Once disclosures are received, we rapidly verify each vulnerability before taking the necessary steps to fix it.
- Provide us with a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
Thank you for helping keep SoWork and our users safe!
Exclusions
While researching, we'd like to ask you to refrain from:
- Denial of service
- Spamming
- Social engineering (including phishing) of SoWork staff or contractors
- Any physical attempts against SoWork property or staff
Safe Harbor
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Security Commitments