Responsible Disclosure Policy

Overview

Halo Security is dedicated to keeping its users' data protected. Security and trust are integral to our business, and one way of demonstrating that is by ensuring that the research community can easily notify us of security threats that may impact the safety of our users.

Halo Security will work with security researchers that report vulnerabilities to us in accordance with this policy. We will validate and fix reported vulnerabilities and won’t take legal action against those who report security vulnerabilities in accordance with this policy.

Disclosure

Guidelines

Provide us with the information needed and steps required to reproduce the issue
Include proof-of-concept code when available
Do not attempt to access user data outside of accounts you have created
Do not attempt to harm the availability of the service
Do not engage in social engineering attacks against Halo Security employees or customers
Do not disclose any confidential information without prior written consent from Halo Security
When in doubt, please email security@halosecurity.com for guidance

To report a vulnerability, email the details to security@halosecurity.com.

Response

We will investigate and respond as soon as possible.

Questions

If you have any questions, please email us at security@halosecurity.com.

Discovery

Firewall Scanning

Website Scanning

Technology Scanning

Server Scanning

Application Scanning