Vulnerability Reporting
Doulos treats the security of our systems and protection of our customer data as a priority. If you have discovered a weakness in any of our systems, we want to be the first to know about it. To report an issue, please contact responsible.disclosure@doulos.com with as much detail as you can and we will investigate and correct it as soon as possible.
Responsible Investigation
While we appreciate being notified immediately, there are potential legal implications of misuse of any information you should not have access to. Therefore, please ensure you follow these guidelines if you discover a security issue with a Doulos system:
- Do not share the information with anyone other than Doulos (using the email address above). Once we have assessed the report, we can arrange co-ordinated disclosure, if required, at an appropriate level for the severity of the issue.
- Do not attempt to disrupt services. If you come across a means to do this, document it as best you can and give us the information. Do not attempt to recreate the issue as this could be interpreted as a denial-of-service attack. If we require more help recreating the issue from you later, we can arrange suitable permission and an agreed means to perform the test.
- Do not modify or destroy any data on our systems.
- If you have accessed data belonging to Doulos or regarding our other customers, remove this information from your systems as soon as you have informed us of the means of access and do not attempt to access any further information which you should not have access to.