This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities directed at SlideRule Labs, Inc. (“Springboard”) systems, and submitting discovered vulnerabilities to Springboard.
Springboard recognizes that external security researchers can help to increase the security of Springboard systems, and we welcome contributions from security researchers, as set forth in this policy. If you have information about a vulnerability in a Springboard system, we encourage you to let us know right away.
Information submitted to Springboard under this policy will be used for defensive purposes – to mitigate or remediate vulnerabilities in our networks or applications, or the applications of our vendors.
Please review, understand, and agree to the following terms and conditions before conducting any testing of Springboard systems and before submitting a report. Thank you.
The Springboard website and applications located at springboard.com (and its subdomains). Third-party applications or websites are only within the scope when: (1) you are able to research vulnerabilities: (a) through the ordinary functioning of such website or app as it interacts with Springboard’s website or app, or (b) pursuant to the terms of such third party’s vulnerability disclosure program, and (2) the vulnerability impacts Springboard users or systems.
Please send your report to firstname.lastname@example.org. The report must include a detailed summary of the vulnerability, including: type of issue; step-by-step instructions to reproduce the issue; proof-of-concept; impact of the issue; and suggested mitigation or remediation actions, as appropriate.
By sending the report you are indicating that you have read, understand, and agree to the guidelines described in this policy for the conduct of security research and disclosure of vulnerabilities or indicators of vulnerabilities related to Springboard systems, and consent to having the contents of the communication and follow-up communications stored on Springboard systems.
Springboard will deal in good faith with researchers who discover, test, and submit vulnerabilities or indicators of vulnerabilities in accordance with these guidelines:
We take every disclosure seriously and very much appreciate the efforts of security researchers. We will investigate every disclosure and strive to ensure that appropriate steps are taken to mitigate risk and remediate reported vulnerabilities.
Springboard remains committed to coordinating with the researcher as openly and quickly as possible. This includes:
Information submitted to Springboard under this policy will be used for defensive purposes – to mitigate or remediate vulnerabilities in our networks or applications, or the applications of our licensors and vendors.
You must comply with all applicable Federal, state, and local laws in connection with your security research activities or other participation in this vulnerability disclosure program.
Your use of Springboard services, including for purposes of this program, remains subject to our Terms of Service. To the extent activities authorized by this policy are inconsistent with the provisions in the Rules For Using The Services heading of the Terms of Service, we waive those restrictions for the limited purpose of permitting security research under this policy.
Springboard does not authorize, permit, or otherwise allow (expressly or impliedly) any person or entity to engage in any security research or vulnerability or threat disclosure activity that is inconsistent with this policy or the law.
If you conduct your security research and vulnerability disclosure activities in accordance with the restrictions and guidelines set forth in this policy, (1) Springboard will not initiate or recommend any law enforcement or civil lawsuits related to such activities, and (“2”) in the event of any law enforcement or civil action brought by anyone other than Springboard, Springboard will take steps to make known that your activities were conducted pursuant to and in compliance with this policy.
Springboard may modify the terms of this policy or terminate the policy at any time.