Security research and responsible disclosure
At Elvie, we consider the security of our customers and systems a top priority.
We recognise the valuable role that independent security researchers play. If you are a researcher and are interested in helping us, please review the guidelines below before you test and/or report a vulnerability. If you have followed these guidelines, we will not seek any legal action against you in regard to any report you make to us.
We appreciate your help in maintaining the safety and security of our customers and our systems.
How to help
What you should do:
Send us your findings by email to security@elvie.com.
Include sufficient information to allow us to reproduce the problem so that we can test it.
What you shouldn't do:
Don't take advantage of the vulnerability or problem you have discovered.
Don't do anything more than is necessary to demonstrate the vulnerability, e.g. don't download more data than necessary or delete or modifying data that is not your own.
Don't reveal the problem to others until we have confirmed that it is resolved.
Don't use attacks on physical security.
Don't use social engineering on our customers or staff, either by voice, phishing emails or other means.
Don't use denial of service attacks, or levels of requests that could result in denial of service.
Don't use third party applications, scanners or any means of large automated exploitation, including botnets or other tools that generate a significant volume of traffic.
What we will do
We will respond to your report within 5 business days with our evaluation of the report and an expected resolution date.
We will not pass on your personal details to third parties without your permission.
We will keep you informed of the progress towards resolving the problem.
We will strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.
We will give your name as the discoverer of the problem in any public information concerning the problem reported (unless you desire otherwise).