Vulnerability Disclosure Policy
Effective date: March 1, 2024
TeliApp Corporation ("us", "we", or "our") operates the teliapp.com website and associated services (the "Service").
This page outlines our policy for receiving and addressing vulnerability reports related to our Service, services that we provide, and services that we manage. We value the security community and believe responsible disclosure benefits everyone.
Definitions
-
Service
Service includes the teliapp.com website, software, APIs, and cloud infrastructure operated by TeliApp Corporation.
-
Vulnerability
A security weakness that could potentially be exploited to compromise security or privacy.
-
Researcher
Any individual or entity that responsibly reports potential vulnerabilities.
Reporting Process
We encourage security researchers to share vulnerabilities with our security team:
-
Submit Reports To
cvey@teliapp.com (PGP key available on request)
-
Required Information
- Description of vulnerability
- Steps to reproduce
- Potential impact
- Suggested remediation (optional)
Scope
This policy applies to vulnerabilities in:
- TeliApp software
- TeliApp web services (teliapp.com)
- TeliApp Cloud API endpoints
Out of Scope:
- Third-party services not directly operated by TeliApp
- Social engineering or physical attacks
- Denial-of-service vulnerabilities
Safe Harbor
We will not pursue legal action against researchers who:
- Make good faith efforts to avoid privacy violations
- Do not exfiltrate data beyond what's needed to demonstrate vulnerability
- Give us reasonable time to address issues before public disclosure
- Comply with all applicable laws
Our Commitments
-
Response Timeline
- Initial response within 3 business days
- Status updates every 7 business days
- Resolution within 90 days (unless legally restricted)
-
CVE Assignment
As a CVE Numbering Authority (CNA), we will assign CVEs to valid vulnerabilities and publish them in the CVE List.
-
Acknowledgments
Researchers may be credited in security advisories upon request.
Policy Updates
We may update this policy from time to time. The "Effective date" at the top will indicate revisions.
Contact Us
For security-related inquiries:
- Email: cve@teliapp.com