MYCASE, INC. VULERNABILITY REPORTING POLICY
LAST UPDATED: March 1, 2021
TABLE OF CONTENTS:
1. ABOUT US AND THIS POLICY
Welcome, and thank you for visiting our website or using our services! Maintaining the security of our applications and network is a high priority for MyCase. The MyCase Security Team encourages responsible reporting of any vulnerabilities that may be found on our site or application and we are committed to working with you to verify and address any potential vulnerabilities that may be reported to us.
This Policy describes the process for how to report a vulnerability, what requirements must be included when submitting a report, and any prohibited actions or testing when using the MyCase site or application.
We update this Policy periodically, and we will indicate the date the last changes were made above. If we determine, at our discretion, changes are significant, we will provide a more detailed notice and may also notify you of such changes via email.
When this Policy mentions “MyCase,” “we,” “us,” or “our” it refers to MyCase, Inc.
We hope this Policy answers all your questions about our commitment to security and the protection of your information, but to the extent you have further questions regarding this Policy, we invite you to email us anytime at [email protected] or otherwise contact us as provided for herein.
2. REPORTING A VULNERABILITY
If you believe you have discovered a security bug or vulnerability within MyCase services, please report it to the MyCase Security team via email at [email protected]. We will investigate your report and respond to you as soon as possible. Please do not disclose your findings until we have had the opportunity to review and address them with you.
3. REPORT SUBMISSION REQUIREMENTS
In order to help triage and prioritize submissions we recommend that your reports include the following:
4. PROHIBITED ACTIVITIES
While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, the following conduct is expressly prohibited and is considered out of scope for this submission (including but not limited to):
5. MYCASE SECURITY TEAM COMMITMENT
We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the MyCase security team will use reasonable effort to:
We want to thank every user or individual researcher who submits a vulnerability report for helping us to improve our overall security posture at MyCase.