TRUST
Vulnerability Reporting
Snapdocs does its utmost to deliver secure and resilient products and services. Should you identify a vulnerability in one of our products, rest assured that Snapdocs will address it quickly and efficiently.
Vulnerability Reporting
To help facilitate the reporting process and to ensure integrity of our platform and other related products, please follow the below guidelines.
Snapdocs does not allow penetration testing of its Snapdocs managed cloud products without prior authorization. If you are a Customer, please contact your Account Representative for details. If you do encounter a vulnerability in one of our products, we encourage you to report it in a responsible and secure fashion by emailing us:
Email: Security@snapdocs.com (For privacy and security purposes, please use PGP key available here)
So that we may more effectively respond to your report, please provide:
- Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
- Product that contains the bug (Lender Application, Settlement Application, etc.)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if any)
- Impact of the issue, including how an attacker could exploit the issue
Please Note:
For any Amazon Web Services (AWS) vulnerabilities, please report them to AWS by visiting their Vulnerability Reporting site.
Snapdocs Commitment and Responsibility
Acknowledge
Snapdocs is committed to acknowledging, responding, and remediating the reported issue and keeping you informed as we work to address your Security concern.
Responsive
You will receive a personal acknowledgment within the first 24hrs and daily updates as to progress.
Report
In the spirit of responsible disclosure, Snapdocs will notify potentially impacted customers when Snapdocs will address the vulnerability or when they must take action to patch or otherwise remediate the vulnerability.
Recognition
Our Policy is to acknowledge and credit researchers in any advisory we submit when a fix is issued for the reported security vulnerability.