Responsible Disclosure

Last Updated: Aug 21, 2020

DriveHQ is committed to protecting our customers’ data from unwarranted disclosure. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and submitting discovered vulnerabilities to us. If you are a security expert or researcher and believe you have discovered a security-related issue in our system, we ask that you make a good faith effort to protect the privacy of our users and their data. We appreciate your help in disclosing the issue to us responsibly.

Our Pledge to You

If you make a good faith effort to comply with this policy, we are committed to working with you to verify and resolve any potential vulnerabilities that you report to us. We will not initiate legal action against you.

Please note that DriveHQ does not participate in any bug bounty programs, nor do we offer rewards or compensation for identifying issues. However, if you are the first to report a vulnerability that can be verified, we are happy to include your name in our Hall of Fame, unless you prefer not to be listed.

Guidelines

As you conduct your research, we request that you:

  • Notify us as soon as possible if you discover a real or potential security issue on any of DriveHQ’s cloud systems or client programs / apps.
  • Stop and notify us immediately if you encounter any sensitive information or Personally Identifiable Information.
  • Only view information to the extent required to identify the vulnerability and report the vulnerability directly to us. Do not disclose the data to anyone else. Use your own account or create a new (free) account for testing purposes.
  • Provide detailed information so that we can replicate the vulnerability.
  • Do not take any actions that may affect the integrity or availability of our systems. If you notice any problems with our systems that might be caused by your testing, please stop testing immediately.
  • Do not use any of the following methods: (1) Denial of service attacks; (2) Phishing or spear phishing; (3) Social engineering; (4) Physical attacks against our data centers or property.

Reporting a vulnerability

To report a security issue or vulnerability, please send an email to security @ DriveHQ.com, or submit a message at (https://www.drivehq.com/help/support.aspx). Please include:

  • A detailed description of the issue and where it was discovered.
  • The potential impact or severity of exploitation.
  • The steps to replicate the issue, or other info that can prove the concept.
  • Please write in English if possible.
  • Please do not share your report (and any communications relating to your report) with others while we work on a solution. By submitting your report, you agree to treat the report as confidential for at least 60 days after submission.

What you can expect from us

We commit to coordinating with you as openly and as quickly as possible.

  • We will acknowledge that your report has been received within 3 days.
  • We will verify the vulnerability as soon as possible and communicate with you if we have any additional questions.
  • If the vulnerability is verified, we will inform you about the steps we are taking during the remediation process, including a rough schedule to fix it. We will try to fix it in 60 days. If a particular vulnerability requires more time, we will communicate with you.

We greatly appreciate your efforts in making DriveHQ cloud services more secure. Thank you!

Responsible Disclosure Contributor Hall of Fame

DriveHQ appreciates and would like to thank the following individuals or companies who have contributed to improving the security of our cloud services.