We work hard every day to maintain and improve our systems and processes so that our customers can use our products and services safely online at all times. However, should you find a weakness in one of our IT systems, we would appreciate your help.
You can report any number of weaknesses in our IT systems. If you spot a weakness, please contact us as soon as possible. Examples are:
We use Amazon CloudFront as our CDN, and hence use AWS recommended settings for maximum browser compatibility. Hence please do NOT report that weak encryption algorithms are enabled when viewing our web pages over SSL.
You can report weaknesses to us by email to responsible.disclosure@adroitlogic.com. State concisely in your email what weakness(es) you have found. We will take appropriate action based on the severity. Our security experts will investigate your report and will reply back to you if we require more information.
Reporting an issue by any other means (e.g to other email addresses designated for business use such as but not limited to info@adroitlogic.com etc) will not be considered, as our administration staff who reads such email will mark them as spam and/or block your email address from reaching us again.
Please note that due to a recent increase in reports of issues of a very minor nature, we are compelled to ignore reports we do not consider to be serious. To avoid a waste of both your time and ours, we request that you first email us a profile of yours (including references to any previous issues found) and any vulnerabilities that you wish to test. Only proceed with any investigations if you receive a confirmation reply from us to proceed. To request for permission to proceed, please email your profile to vulnerability.testing.request@adroitlogic.com
If you discover a weakness and investigate it, you might perform actions that are punishable by law. If you observe the rules for reporting weaknesses in our IT systems, we will not report your offence to the authorities.
It is important for you to know, however, that the public prosecutor’s office – not AdroitLogic – will decide whether or not you will be prosecuted, regardless of whether we report your offence to the authorities. We cannot promise that you will not be prosecuted if you commit a punishable offence when investigating a weakness.
Take responsibility and act with extreme care and caution. When investigating the matter, only use methods or techniques that are necessary in order to find or demonstrate the weaknesses.
You might receive a reward – but we are not required to give you one. You are not necessarily entitled to compensation, especially if your investigation is unable to alter our internal systems or databases. The amount of the reward, if any, is not fixed in advance. AdroitLogic determines the amount, based on the following:
You will NOT receive a reward or reply, if you have not followed the instructions listed above. Especially if you do not use the proper email addresses to request for permission, and to disclose any vulnerabilities.
No. Under no circumstances should any weaknesses in our IT systems or your investigation be published without our prior written permission. Please note that as a policy we do not generally allow any such publication, even after an issue is resolved.
The email address responsible.disclosure@adroitlogic.com is not intended for the following:
Yes, you can. You do not have to give us your name and contact details when you report a weakness.