www.pmattendant.com

Responsible Disclosure Policy

PM Attendant is providing this service to help ensure a safe and secure environment for all users.

If external parties find any sensitive information, potential vulnerabilities, or weaknesses, please help by responsibly disclosing it to ResponsibleDisclosure@fullsteam.com.

This policy applies to PM ATTENDANT hosted applications and to any other subdomains or services associated with its products. PM ATTENDANT does not accept reports for vulnerabilities that solely affect marketing websites (www.pmattendant.com) containing no sensitive data.

Security researchers must not:

  • engage in physical testing of facilities or resources,
  • engage in social engineering,
  • send unsolicited electronic mail to PM ATTENDANT users, including “phishing”
    messages,
  • execute or attempt to execute “Denial of Service” or “Resource Exhaustion” attacks,
  • introduce malicious software,
  • execute automated scans or tools that could disrupt services, such as password guessing
    attacks, or be perceived as an attack by intrusion detection/prevention systems,
  • test in a manner which could degrade the operation of PM ATTENDANT systems, or
    intentionally impair, disrupt, or disable PM ATTENDANT systems,
  • test third-party applications, websites, or services that integrate with or link to or from
    PM ATTENDANT systems,
  • delete, alter, share, retain, or destroy PM ATTENDANT data, or render PM
    ATTENDANT data inaccessible, or,
  • use an exploit to exfiltrate data, establish command line access, establish a persistent
    presence on PM ATTENDANT systems, or “pivot” to other PM ATTENDANT
    systems.


Security researchers may:

  • View or store PM ATTENDANT nonpublic data only to the extent necessary to
    document the presence of a potential vulnerability.


Security researchers must:

  • cease testing and notify us immediately upon discovery of a vulnerability,
  • cease testing and notify us immediately upon discovery of an exposure of nonpublic
    data, and,
  • purge any stored PM ATTENDANT nonpublic data upon reporting a vulnerability.


Thank you for helping to keep PM ATTENDANT and our users safe!