RESPONSIBLE DISCLOSURE POLICY
At AGROFY, we believe that the security of the data of our users, customers, suppliers and employees is very important, and for this reason we encourage those who have discovered potential security vulnerabilities on our site and/or the products and services we provide, to contact us and inform us about it in a responsible manner.
The purpose of this Policy is to encourage reports that help us protect the infrastructure, systems and data, helping to avoid affecting the Confidentiality, Integrity and/or Availability of the information of our users, customers, suppliers and employees or of AGROFY.
Therefore, in case you have discovered any potential vulnerability, we invite you to report it to us, respecting the guidelines detailed below:
- Before making your discovery public, it is important that you contact us to analyze it so that we can work on solving or patching the problem as soon as possible.
- To communicate with us, send us an email to security@agrofy.com describing the nature of the error or finding, identify the steps required to replicate it, the applications, programs and/or tools you used to detect the vulnerability and the date and time you performed the tests.
- Include your contact information so that we can respond to you in case we need to make any additional queries and/or to send you an official and formal email acknowledging your contribution.
Additionally, we encourage you to follow the practical recommendations listed below to be able to report your finding in the best way:
Here are some of the prohibited actions for vulnerability discovery:
At AGROFY we have a strong commitment to security and we appreciate your contributions to responsible disclosure, which is why to all security researchers who comply with this Responsible Disclosure Policy, AGROFY undertakes to:
Finally, remember that AGROFY does not reward people or organizations financially or in any other way for identifying potential or confirmed vulnerabilities. Requests for monetary compensation will be considered a violation of this Responsible Disclosure Policy.
Last Update: 04/06/2022