At Ribbon, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. When a vulnerability is discovered, Ribbon would like to know about it as soon as an issue is detected so we can take necessary steps to address it as quickly as possible. Ribbon asks for your help to better protect our clients and our systems.
Please do the following:
- This policy is not applicable to Ribbon customers. If you are a customer under a maintenance contract, please log a case in the same manner that you log support requests or issues.
- If you are not a customer, please e-mail your findings to firstname.lastname@example.org. If possible, encrypt your findings using our PGP key (below) to prevent this critical information from falling into the wrong hands.
- Do not take advantage of the vulnerability or problem you have discovered; for example, by downloading more data than necessary to demonstrate the vulnerability or deleting, or modifying other people's data.
- Do not reveal the problem to others until it has been resolved.
- Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties.
- Provide enough information to reproduce the problem so we will be able to resolve it as quickly as possible.
- For hosted services - usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.
- For appliances - the steps to reproduce, along with any information about software release, hardware model, serial number etc. may be needed.
What Ribbon will do:
- Ribbon will respond to your report within three business days of our evaluation of your report and provide an expected resolution date.
- Ribbon will handle your report with strict confidentiality.
- Ribbon will keep you informed of the progress towards resolving the problem.
- In any public disclosure regarding the reported problem, Ribbon will include your name as the discoverer of the problem (unless you desire otherwise).
We strive to resolve all problems as quickly as possible, and we thank you for reporting your experiences to us and assisting, as needed, in the ultimate publication of the problem.
-----BEGIN PGP PUBLIC KEY BLOCK----- mQGNBF1VcTsBDAC7r7yHYm96mWl0Dm+LqyhBqbMkN6SeQIxby+24Cai+h8Xy6RSt OsBogz/4ZW+vo4xnsJYvO3NyvBCZe0US7VchhIi5MFRUccoLIqkNkCiHSR52tzsZ 8NEdbT82F89VVsVjV0wMra8DzIbeLqB/x/Bo13R/Zbv8IX5hhg/ip9xVT2Wv27sn nWL0WqK7/Q6Ms32VOfqzSmYB/7AnEqJylN8VDDXE5hnheULF2zWw6F1iKVWnF/ZT quZi/bj7uM5CTl1obGdgr+Eg5eMMiPL7ZdQXEnUbXhz437b3gNjBms/GkZYsCYOk Y1UdUTcJ5AoutghHSBxCoKiJ0zoT2LoSDis5sMTabK4bjdJoAtLMOyZAZAyqsRWs WCjy04f/T7WWL0dvwV0WxhaoaVu6rnSbXeqQduGsoYGMhgJnz4AhhCUioi7r/9fB K4CZ3XHxuu1YQCBWnXeAzPOZ7SVkDAEwz5cMOUdXMGnVZbQbn1vm9qob9II/HQw8 /gApdeOwln3pPqMAEQEAAbRCUmliYm9uIENvbW11bmljYXRpb25zIChSZXNwb25z aWJsZSBEaXNjbG9zdXJlKSA8c2VjdXJpdHlAcmJibi5jb20+iQHOBBMBCgA4FiEE qBy9x4LWiv/GvRHsusmPOxIGQVkFAl1VcTsCGwMFCwkIBwIGFQoJCAsCBBYCAwEC HgECF4AACgkQusmPOxIGQVlwfAv/fDae9qXAhip2d5EINnBsAFGhpB8Az9R8LSfI 8qdJ+A/p+hta4xqb0oAuJX7IxgIbXeh6BKW9wq2mYipOKp51fHowuzXoY6iOgX/u vgY4OxVe01+PKvv9Sc14mvVbB0a4XXQGtzLtRsQJMMSLYn2cYozvYDS5f/8NPvMl xyzJ2HwOEyHofwFFFPihM9I13p5aNNWqKnoHAN9g72NINog/kEgxM78/7lxjlwMG GwJvZINK3cBeh9iUB6E/EmFkS1EtXWDYemhA8VIl8BXod67bafOCWtw8O66+LTuB 89c8iACHQcZwvindPbG2RVW/p5Lo/c7KmyaMULkVDu4gtNdv+9keY7EAEi8BnA7j CxNmUXQ6KI+4llb4qKrFTfrrGt8/Xk97Yq0lxIr2Zib5BGud6fSuJvnT8tUNRo0+ MD7bDiYmsoGPhCfE7TIwx+0Nude6FIZb2PITxqjQOivcgKEkj12NPJd6F5bA1pkR ofm3n+aRi/gCF23yPeEUuBMRsiF3uQGNBF1VcTsBDADunyGImWRAHCO3gy9iEuuV 7y2gd1zrEwfDB6scsFfG3RnYp6vFRKdMnp0j47wvU8ZZiZ+R1jSjp1vFzTqoFA21 uT+/kLozAyKo+vZeoWVI9u9+OY865ePckKUm6X1/AVKKcWk/QtLcEyyuNhaB/Hku QUfM7SPeG0aqcCVbpWnPyEsq0+MZht6UiT//6YXlzZyA4OXCYaIl09YctMiboFk5 ASoCHYz+R3BQX49mKpmekOSgS1wxr2ObZtIH5N1p1uqjb1ySP1aRoVezRNZhUgpc DB+Wj3aqQX5d05zv1UPwTTJcTlEtQL29YTeNcBk7ctji4LzHQTbpneyC+vhcDQvH h6YexVU/mLIGBozgJmRoq3bQpiY+sbOLXVQ6yGrgMVa5HoEEHSJS4gIFAMpyjfrU h86EfrnPejXwcr32yyhTMDyXDRr3AOXiSBqW4gD3ncOhKv9u7sKAT1Q7xF2NUP5h esr4fW21/Vcs8QjfeGDjNX8qgLNyvsJjf6PTtH5Cs10AEQEAAYkBtgQYAQoAIBYh BKgcvceC1or/xr0R7LrJjzsSBkFZBQJdVXE7AhsMAAoJELrJjzsSBkFZ6j4L/0zY 2TgiLi55TsGcLbbhK+60ObNUyF3BRyrxqIkyqKVUfEjIlIAqJrg5Ijh8+SFLJxRq pG972edgOQIH7d7+f/nxOR9mECDBmzYBWXviypqMUB7CaZjEvGyYg0wsr3pZlGzk UM0pd30Qzgvkhsw/Ai0IeC4AsnqwsC4dn+iCmTw3xpKAI/dYsrXkNTpc+cj1e4rY XYc2bLVP4HoH9FbhqJ4Zb6RoeLd4xBYCZ4DlqF2gyDWJcl9f+7kTa51VWMOA+Mow RB/EZjgCXW4sRik/T5hegQTN/C5pa5hhMM0Fo4ym0co7ihtd8jQY/CziVbwc0GMy xSRuxXh/l7eUTNzwKVhYlwZj5bjB8r+TSGq4yDEB+2M4qhLMg1GdC9UExanyXfvr ZguO1b72Eopx5ls0KuOQRJ4W+R1BuWOPhC1s1oP6VqZV6g1oV/eotD5U2m/3p4e6 zjmx0KEykNOwUN6je8PdWJn2oyPAQSe+qay/YRuQrCL6qckJV3GgHlTApU/INg== =AWK0 -----END PGP PUBLIC KEY BLOCK-----