Skip to main content

Vulnerability Disclosure Policy

Introduction

Telementum Global, LLC (“the Company,” “we,” “our,” or “us&dquo;) is committed to maintaining the security and privacy of our systems, data, and customers. This Vulnerability Disclosure Policy outlines the process for external security researchers and users to report vulnerabilities they may discover in our systems and applications. Our goal is to foster collaboration with the security community to help identify and resolve vulnerabilities promptly.

Scope

This policy applies to all systems, websites, and applications owned or operated by Telementum Global, LLC. It includes:

  • Public and private websites.
  • Mobile applications.
  • APIs and web services.
  • Cloud infrastructure and internal systems.

Responsible Disclosure

We appreciate the responsible disclosure of vulnerabilities, which helps us improve the security of our systems. We ask that researchers follow the guidelines below:

  1. Do Not Exploit Vulnerabilities: Once a vulnerability is discovered, please refrain from exploiting it in any way that could harm the system, its users, or the data.
  2. Avoid Accessing Sensitive Data: Do not attempt to access or alter sensitive data unless it is necessary to confirm the vulnerability. If sensitive data is accessed accidentally, please report it immediately and delete any information obtained.
  3. No Denial of Service (DoS) Attacks: Do not engage in any denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks, or any activity that could cause a disruption to our services.
  4. No Social Engineering: Please do not attempt to use social engineering techniques, phishing, or other manipulative tactics to exploit the vulnerability.

How to Report a Vulnerability

If you discover a security vulnerability, please report it directly to us using the following process:

  1. Submit a Report: Vulnerability reports should be submitted to our security team at security@telementum.com.
  2. Details of the Vulnerability: Your report should include:
    • A clear description of the vulnerability.
    • The affected system, service, or application.
    • Steps to reproduce the issue (if applicable).
    • The potential impact of the vulnerability.
    • Any suggestions for remediation, if available.
  3. Confidentiality: We request that you do not publicly disclose the vulnerability until we have had the opportunity to investigate and address it. We will notify you when the vulnerability has been fixed and discuss the appropriate public disclosure timeline.

What to Expect After Reporting

  1. Acknowledgment: We will acknowledge the receipt of your report within 3 business days.
  2. Evaluation: Our security team will evaluate the reported vulnerability to assess its severity, potential risks, and the best course of action for remediation.
  3. Remediation: If the vulnerability is confirmed, we will work to resolve the issue as quickly as possible. We will notify you once the vulnerability has been patched or mitigated.
  4. Communication: If the vulnerability is significant and requires public disclosure, we will work with you to coordinate a responsible disclosure process.

Rewards and Recognition

Telementum Global, LLC may offer recognition for impactful reports and contribute to a positive relationship with the security research community. While we do not have a formal bounty program at this time, we encourage researchers to report responsibly and collaborate with us to improve security.

Legal Considerations

Telementum Global, LLC adheres to all applicable laws regarding cybersecurity, data protection, and privacy. By participating in the vulnerability disclosure process, you agree to comply with all applicable laws, including not accessing unauthorized data or systems.

Security Standards

We prioritize securing our systems by following industry best practices, including regular patching, vulnerability scanning, and penetration testing. We are committed to improving our security posture through continuous efforts, including addressing vulnerabilities identified by external researchers.

Updates to This Policy

Telementum Global, LLC reserves the right to update this Vulnerability Disclosure Policy at any time. Any changes will be communicated through this document, and updates will be effective immediately upon posting.

Contact Information

For questions or to report a vulnerability, please contact our security team at: