Policies
Vulnerability Disclosure Policy (VDP)
1. Introduction
This Vulnerability Disclosure Policy (VDP) outlines our commitment to cybersecurity and provides a clear process for reporting potential vulnerabilities in our systems. We encourage the responsible disclosure of potential security vulnerabilities to Harbor.
2. Scope
This policy applies to all digital assets owned, operated, or maintained by our organization. It includes websites, applications, APIs, and infrastructure components that are publicly accessible or otherwise in scope as defined by our security team.
3. Reporting Process
We encourage security researchers and members of the public to report vulnerabilities to Harbor in a responsible manner by following these steps:
- Submit a detailed report via our official reporting channel (see Contact Information).
- Include a description of the vulnerability, steps to reproduce, and potential impact.
4. Handling Process
Upon receiving a report, we will:
- Assess the report and validate the vulnerability.
- Coordinate remediation efforts internally in a manner designated by Harbor in order to protect the security of Harbor’s data and those potentially affected by a reported vulnerability.
5. Legal Safe Harbor
We will not initiate legal action against individuals who report vulnerabilities in good faith and in accordance with this policy.
6. Non-Compliance With This Policy
Harbor does not authorize any person or other business or legal entity to engage in any security research or vulnerability that is inconsistent with this policy or the law. Activities that are not authorized include the following:
- Accessing, downloading, or modifying data residing in an account that does not belong to the security researcher.
- Publicly disclosing any potential vulnerability without Harbor’s express written consent.
- Uploading or storing any malicious software on any Harbor systems, or conducting any security testing that may degrade the security of any Harbor systems.
- Any security testing which would result in any unsolicited or unauthorized messages, including any junk mail or spam.
- Any security testing of any third-party applications or systems that may be integrated into any Harbor systems.
Harbor reserves all legal rights in the event of any non-compliance with this Policy.
7. Contact Information
To report a vulnerability, please use this online form.