TRUST

Vulnerability Reporting

Snapdocs does its utmost to deliver secure and resilient products and services. Should you identify a vulnerability in one of our products, rest assured that Snapdocs will address it quickly and efficiently.

Vulnerability Reporting

Vulnerability Reporting

To help facilitate the reporting process and to ensure integrity of our platform and other related products, please follow the below guidelines.

Snapdocs does not allow penetration testing of its Snapdocs managed cloud products without prior authorization. If you are a Customer, please contact your Account Representative for details. If you do encounter a vulnerability in one of our products, we encourage you to report it in a responsible and secure fashion by emailing us:

Email: Security@snapdocs.com (For privacy and security purposes, please use PGP key available here)

So that we may more effectively respond to your report, please provide:

  • Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
  • Product that contains the bug (Lender Application, Settlement Application, etc.)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if any)
  • Impact of the issue, including how an attacker could exploit the issue

 

Please Note:

For any Amazon Web Services (AWS) vulnerabilities, please report them to AWS by visiting their Vulnerability Reporting site.

Snapdocs Commitment and Responsibility

Acknowledge

Acknowledge

Snapdocs is committed to acknowledging, responding, and remediating the reported issue and keeping you informed as we work to address your Security concern.

Responsive

Responsive

You will receive a personal acknowledgment within the first 24hrs and daily updates as to progress.

Report

Report

In the spirit of responsible disclosure, Snapdocs will notify potentially impacted customers when Snapdocs will address the vulnerability or when they must take action to patch or otherwise remediate the vulnerability.

Recognition

Recognition

Our Policy is to acknowledge and credit researchers in any advisory we submit when a fix is issued for the reported security vulnerability.