Higlobe
Programa de divulgação de vulnerabilidades

Higlobe, Inc. ("Higlobe") welcomes contributions from responsible security researchers ("you" hereafter) as part of its vulnerability disclosure program ("Higlobe VDP"). Thus, in response to your good-faith participation in the Higlobe VDP, we will:

  • Not initiate legal action against you.
  • Recognize your contribution directly on our website, as described below.

To be elegible, you must:

  • Submit reports about potential vulnerabilities via Higlobe's official communication channel for reporting security concerns: [email protected]
  • Describe the vulnerability, where it was discovered, and the impact to data confidentiality, integrity, or availability. This includes artificial intelligence (AI) systems where the outputs are offensive, unethical, illegal, or have otherwise adverse impacts.
  • Provide a detailed description of the steps needed to reproduce the vulnerability, including either a step-by-step written narrative, screenshots, a video recording, or a combination of all three.
  • Agree to keep confidential any information (with the exception of Authorized Public Communications, described below) obtained while participating in the Higlobe VDP.

To be elegible, you must NOT:

  • Demand compensation or insinuate that it is owed.
  • Provide (or threaten to provide) any information obtained while participating in the Higlobe VDP to any third party not under any contractual or otherwise legally binding duty of confidentiality to you or your organization. The only exception to this is the Authorized Public Communications.
  • Modify or destroy any data encountered.
  • Perform social engineering, physical penetration testing, or denial of service attacks on Higlobe personnel, locations, or assets.
  • Submit vulnerability reports from automated scanning tools without evidence of exploitability.

If you comply with these requirements,
Higlobe will:

  • Work with you in good faith.
  • Acknowledge receipt of your report within 72 hours.
  • Advise whether Higlobe has accepted the report, and, if so, when the vulnerability is resolved.
  • If desired, recognize you via the Higlobe website ("Authorized Public Communications"), including the following information (if applicable):
    • Your name or handle
    • Your organization
    • General description of the vulnerability
    • Common vulnerabilities and exposures (CVE) identifier
  • Authorize and provide a revocable, royalty-free license for you to share Authorized Public Communications about the vulnerability remediated, provided that posting such communications do not violate any third-party rights.

Credit to StackAware for the source material used to develop this program: "Vulnerability Disclosure Program." StackAware, vdp.stackaware.com

Garantia de menor custo para transferências nos EUA