Country:
United States
Language:

Report a security or privacy vulnerability

Ajax Systems Group (hereinafter also referred to as "we", "our", "Ajax Systems") wants to inform you of the possibility to responsibly report potential security threats, bugs, or other security concerns that may relate to Ajax Systems Products and Software.

In case if you find any security or privacy vulnerability that affects Ajax Systems Software or Product, please report us directly by email report.vulnerability@ajax.systems.

We kindly ask you to include the following information in your report:

  • E-mail address – with this information, we could easily reach out to you for any questions related to the vulnerability that you find;
  • A detailed description of the vulnerability, how it was discovered, and clear steps on how to reproduce the vulnerability;
  • Screenshots or other images of the vulnerability;
  • Proof of concept testing.

If you submit a vulnerability report, the Ajax Systems cybersecurity team will contact you at the specified mailing address within 72 hours of receipt of the report. We will inform you of the actions we have taken to mitigate and resolve the identified vulnerability.

Ajax Systems guarantees the confidentiality of the information provided. All data you provide to us as part of the report will be used solely for the purpose of communicating with you and resolving the vulnerability.

We kindly ask you to follow the best practices in vulnerability detection and not to take any unlawful or unethical actions related to security or privacy vulnerabilities, in particular:

  • Do not exploit a vulnerability or issue you identify;
  • Do not disclose the problem in public or to any other person until it is resolved;
  • Do not use unlawful ways to find or use the vulnerability, such as physical security attacks, social engineering, distributed denial of service, spam, or third-party applications.

Security and privacy are key values for Ajax Systems. We hope that you share these values and will follow the rules described in this policy in the event that you discover vulnerabilities in Ajax Systems Software or Products.

Edition by 20 February 2024