... Skip to content

InspireIP
Responsible Disclosure

Overview

InspireIP is committed to the security of our systems, products, and our customer information. We appreciate the valuable contributions of the Cyber Security community. To work with us better, we’d like to share a few guidelines on reporting vulnerabilities to us. We expect that each security researcher aligns with our core values throughout their engagement with us. This will help facilitate a collaborative working environment and instil trust in all participants of the engagement.

If you believe you have identified a potential security vulnerability, please share it with us by following the submission guidelines below.

Vulnerability submissions

Our vulnerability disclosure program is hosted and managed by Sprinto.

Guidelines

  • Provide InspireIP with all appropriate information to quickly resolve the issue and minimize confusion around what was discovered and how.
  • Keep communication channels open to allow effective collaboration.
  • Do not engage in any activity that can potentially or actually cause harm to InspireIP, our customers, or our employees.
  • Do not engage in any activity that can potentially or actually stop or degrade InspireIP services or assets.
  • Do not store, share, compromise, or destroy InspireIP or customer data. If Personally Identifiable Information (PII) is encountered, you should immediately halt your activity, purge related data from your system, and immediately contact InspireIP. This step protects any potentially vulnerable data, and you.
  • Do not engage in any activity that violates:
  • Federal or state laws or regulations
  • The laws or regulations of any country where:
    • Data, assets, or systems reside,
    • Data traffic is routed, or
    • The researcher is conducting research activity.
  • Keep information about any vulnerability you’ve discovered confidential between yourself and until we have had at least 90 days to review and resolve the issue. It is important to note that the timeframe for us to review and resolve an issue may vary based on a number of factors, including the complexity of the vulnerability, and the risk that the vulnerability may pose, among others. 
Report A Vulnerability

How can you report a vulnerability?

Please report any potential security vulnerabilities to us by following the submission guidelines below.

Summary

Help us get an idea of what this vulnerability is about.

Description

Describe the vulnerability and its impact. Provide proof-of-concept or steps to replicate it.

URL / Location of vulnerability (optional)

For example: https://secure.server.com/some/path/file.php

Evidence link (optional)

Share the link to the proof-of-concept scripts, screenshots, screen recordings, or other relevant files. Ensure that the necessary viewing access is granted.

Send the above information to [email protected] to report the vulnerability.

What can you expect from us?

  • We will work with you to understand and resolve the issue in an effort to increase the protection of our customers and systems.
  • When you follow the guidelines that are laid out above, we will not pursue or support any legal action related to your research.
  • We will respond to your report within 7 business days of submission.
  • We do not operate a bug bounty program, and we make no offer of reward or compensation in exchange for submitting potential issues.

Contact Us

We are here to help you with any questions, requests, bug reports, or feedback you may have.

Any topic, just drop us a message and we will get back to you in 24 hours.