Eclypsium Vulnerability Disclosure Policy

Introduction

Eclypsium welcomes feedback from security researchers and the general public to help improve our security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issue in any of our assets, we want to hear from you. This policy outlines steps for reporting vulnerabilities to us, what we expect, and what you can expect from us.

Eclypsium Supports Coordinated Vulnerability Disclosure

Eclypsium encourages researchers to follow coordinated disclosure procedures when reporting security issues in our products, services, websites, or infrastructure.

Eclypsium is committed to engaging with the research community in a positive, professional, mutually beneficial manner that protects our customers.

As a company made up of former and current researchers, the Eclypsium Security Response Team strives to:

  • Respond in a timely manner
  • Keep reporting parties apprised of progress
  • Notify reporting parties when the issue has been addressed
  • Treat researchers honestly, fairly, and with respect
  • Acknowledge researcher discoveries and contributions to our program

As a standard practice for protecting our customers, Eclypsium will not confirm, discuss, or disclose any security issue or vulnerability with anyone other than the reporting researchers until a fix has been released on all affected products or implemented in the affected service(s), website(s), or infrastructure.

Contacting Us

Please initiate communications with us via [email protected] to report security issues. Please provide a general overview of the issue in your first email.

Upon receipt, we may establish secure communications with you via PGP or Keybase.

We reserve the right to cancel or modify this program at any time.