Responsible Disclosure Policy

 

At Ribbon, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. When a vulnerability is discovered, Ribbon would like to know about it as soon as an issue is detected so we can take necessary steps to address it as quickly as possible. Ribbon asks for your help to better protect our clients and our systems.

Please do the following:

  • This policy is not applicable to Ribbon customers. If you are a customer under a maintenance contract, please log a case in the same manner that you log support requests or issues.
  • If you are not a customer, please e-mail your findings to security@rbbn.com. If possible, encrypt your findings using our PGP key (below) to prevent this critical information from falling into the wrong hands.
  • Do not take advantage of the vulnerability or problem you have discovered; for example, by downloading more data than necessary to demonstrate the vulnerability or deleting, or modifying other people's data.
  • Do not reveal the problem to others until it has been resolved.
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties.
  • Provide enough information to reproduce the problem so we will be able to resolve it as quickly as possible.
  • For hosted services - usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.
  • For appliances - the steps to reproduce, along with any information about software release, hardware model, serial number etc. may be needed.

What Ribbon will do:

  • Ribbon will respond to your report within three business days of our evaluation of your report and provide an expected resolution date.
  • Ribbon will handle your report with strict confidentiality.
  • Ribbon will keep you informed of the progress towards resolving the problem.
  • In any public disclosure regarding the reported problem, Ribbon will include your name as the discoverer of the problem (unless you desire otherwise).

We strive to resolve all problems as quickly as possible, and we thank you for reporting your experiences to us and assisting, as needed, in the ultimate publication of the problem.

 

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBF1VcTsBDAC7r7yHYm96mWl0Dm+LqyhBqbMkN6SeQIxby+24Cai+h8Xy6RSt
OsBogz/4ZW+vo4xnsJYvO3NyvBCZe0US7VchhIi5MFRUccoLIqkNkCiHSR52tzsZ
8NEdbT82F89VVsVjV0wMra8DzIbeLqB/x/Bo13R/Zbv8IX5hhg/ip9xVT2Wv27sn
nWL0WqK7/Q6Ms32VOfqzSmYB/7AnEqJylN8VDDXE5hnheULF2zWw6F1iKVWnF/ZT
quZi/bj7uM5CTl1obGdgr+Eg5eMMiPL7ZdQXEnUbXhz437b3gNjBms/GkZYsCYOk
Y1UdUTcJ5AoutghHSBxCoKiJ0zoT2LoSDis5sMTabK4bjdJoAtLMOyZAZAyqsRWs
WCjy04f/T7WWL0dvwV0WxhaoaVu6rnSbXeqQduGsoYGMhgJnz4AhhCUioi7r/9fB
K4CZ3XHxuu1YQCBWnXeAzPOZ7SVkDAEwz5cMOUdXMGnVZbQbn1vm9qob9II/HQw8
/gApdeOwln3pPqMAEQEAAbRCUmliYm9uIENvbW11bmljYXRpb25zIChSZXNwb25z
aWJsZSBEaXNjbG9zdXJlKSA8c2VjdXJpdHlAcmJibi5jb20+iQHOBBMBCgA4FiEE
qBy9x4LWiv/GvRHsusmPOxIGQVkFAl1VcTsCGwMFCwkIBwIGFQoJCAsCBBYCAwEC
HgECF4AACgkQusmPOxIGQVlwfAv/fDae9qXAhip2d5EINnBsAFGhpB8Az9R8LSfI
8qdJ+A/p+hta4xqb0oAuJX7IxgIbXeh6BKW9wq2mYipOKp51fHowuzXoY6iOgX/u
vgY4OxVe01+PKvv9Sc14mvVbB0a4XXQGtzLtRsQJMMSLYn2cYozvYDS5f/8NPvMl
xyzJ2HwOEyHofwFFFPihM9I13p5aNNWqKnoHAN9g72NINog/kEgxM78/7lxjlwMG
GwJvZINK3cBeh9iUB6E/EmFkS1EtXWDYemhA8VIl8BXod67bafOCWtw8O66+LTuB
89c8iACHQcZwvindPbG2RVW/p5Lo/c7KmyaMULkVDu4gtNdv+9keY7EAEi8BnA7j
CxNmUXQ6KI+4llb4qKrFTfrrGt8/Xk97Yq0lxIr2Zib5BGud6fSuJvnT8tUNRo0+
MD7bDiYmsoGPhCfE7TIwx+0Nude6FIZb2PITxqjQOivcgKEkj12NPJd6F5bA1pkR
ofm3n+aRi/gCF23yPeEUuBMRsiF3uQGNBF1VcTsBDADunyGImWRAHCO3gy9iEuuV
7y2gd1zrEwfDB6scsFfG3RnYp6vFRKdMnp0j47wvU8ZZiZ+R1jSjp1vFzTqoFA21
uT+/kLozAyKo+vZeoWVI9u9+OY865ePckKUm6X1/AVKKcWk/QtLcEyyuNhaB/Hku
QUfM7SPeG0aqcCVbpWnPyEsq0+MZht6UiT//6YXlzZyA4OXCYaIl09YctMiboFk5
ASoCHYz+R3BQX49mKpmekOSgS1wxr2ObZtIH5N1p1uqjb1ySP1aRoVezRNZhUgpc
DB+Wj3aqQX5d05zv1UPwTTJcTlEtQL29YTeNcBk7ctji4LzHQTbpneyC+vhcDQvH
h6YexVU/mLIGBozgJmRoq3bQpiY+sbOLXVQ6yGrgMVa5HoEEHSJS4gIFAMpyjfrU
h86EfrnPejXwcr32yyhTMDyXDRr3AOXiSBqW4gD3ncOhKv9u7sKAT1Q7xF2NUP5h
esr4fW21/Vcs8QjfeGDjNX8qgLNyvsJjf6PTtH5Cs10AEQEAAYkBtgQYAQoAIBYh
BKgcvceC1or/xr0R7LrJjzsSBkFZBQJdVXE7AhsMAAoJELrJjzsSBkFZ6j4L/0zY
2TgiLi55TsGcLbbhK+60ObNUyF3BRyrxqIkyqKVUfEjIlIAqJrg5Ijh8+SFLJxRq
pG972edgOQIH7d7+f/nxOR9mECDBmzYBWXviypqMUB7CaZjEvGyYg0wsr3pZlGzk
UM0pd30Qzgvkhsw/Ai0IeC4AsnqwsC4dn+iCmTw3xpKAI/dYsrXkNTpc+cj1e4rY
XYc2bLVP4HoH9FbhqJ4Zb6RoeLd4xBYCZ4DlqF2gyDWJcl9f+7kTa51VWMOA+Mow
RB/EZjgCXW4sRik/T5hegQTN/C5pa5hhMM0Fo4ym0co7ihtd8jQY/CziVbwc0GMy
xSRuxXh/l7eUTNzwKVhYlwZj5bjB8r+TSGq4yDEB+2M4qhLMg1GdC9UExanyXfvr
ZguO1b72Eopx5ls0KuOQRJ4W+R1BuWOPhC1s1oP6VqZV6g1oV/eotD5U2m/3p4e6
zjmx0KEykNOwUN6je8PdWJn2oyPAQSe+qay/YRuQrCL6qckJV3GgHlTApU/INg==
=AWK0
-----END PGP PUBLIC KEY BLOCK-----