Vulnerability Disclosure Policy

Introduction

At Ensis AI, we take the security of our systems and services seriously. We recognize the importance of security researchers and the valuable role they play in helping us maintain a safe and secure environment for our customers. This policy outlines our approach to responsible vulnerability disclosure and the procedures to follow when reporting security vulnerabilities to us.

Scope

This policy applies to all individuals and organizations, including security researchers, customers, and third parties, who discover and wish to report security vulnerabilities in Ensis AI's products, services, or systems.

Responsible Disclosure Guidelines

Reporting Vulnerabilities

If you discover a potential security vulnerability, we encourage you to report it to us promptly and responsibly by emailing us at info@ensis.ai. Please include the following information in your report:

- Description of the vulnerability and its potential impact.

- Steps to reproduce the vulnerability.

- Your contact information for further communication.

What We Promise

Upon receiving a vulnerability report, we commit to:

- Acknowledging receipt of your report promptly (within 3 business days).

- Investigating the issue and assessing its validity.

- Communicating with you to understand the details and verify the vulnerability.

- Keeping you informed of our progress and any remediation steps taken.

- Treating your report confidentially and with respect for your privacy, in accordance with our Privacy Policy.

What We Expect from You

As a security researcher or reporter, we expect you to:

- Make every effort to avoid privacy violations, disruption to our services, and destruction of data during your research.

- Adhere to the principles of responsible disclosure and avoid disclosing or exploiting the vulnerability to others until we have had sufficient time to address it.

- Provide us with reasonable time to investigate and mitigate the reported vulnerability before publicly disclosing it.

Exclusions

The following activities are not authorized under this policy:

- Denial of service (DoS) attacks.

- Physical attacks against our offices, data centers, or personnel.

- Social engineering attacks against our employees, customers, or vendors.

- Any activity that violates any law or causes harm to Ensis AI, our customers, or third parties.

Legal Protections

We will not take legal action against you for reporting a security vulnerability to us, provided you comply with this policy. We recognize and respect the rights of security researchers who work to improve security for everyone.

Contact Information

For reporting security vulnerabilities or questions related to this policy, please contact us at info@ensis.ai.

Policy Updates

We may update this policy from time to time. Any changes will be posted on our website, and your continued participation in our responsible disclosure program constitutes acceptance of those changes.

1. Acceptance of Terms

By accessing or using this RFP website, you agree to comply with and be bound by these terms and conditions. If you do not agree with these terms, please refrain from using the website.

2. User Eligibility

Users must be of legal age and capable of forming a binding contract in their respective jurisdictions.

3. Account Registration

To participate in the RFP process, users may be required to create an account, providing accurate and complete information. Users are responsible for maintaining the confidentiality of their account details.

4. RFP Submission