Vulnerability Disclosure Agreement
At Genesys Worldwide Ltd, we take the security of our systems seriously. If you have discovered a security vulnerability, we would appreciate your cooperation in responsibly disclosing it to us. By reporting vulnerabilities, you help us protect our customers and data. We believe that responsible disclosure of vulnerabilities is beneficial for both our company and the security research community. Your efforts help us improve our security posture, and we recognize and reward your contributions.
We do not condone cyber attacks on our infrastructure or that of our partners. Any detected attacks will be reported to the relevant authorities. To be eligible for rewards and legal protection, you must conduct yourself responsibly and in good faith.
Eligibility for Rewards
- Only the first person to report a specific vulnerability will be rewarded.
- The vulnerability must be new and previously unknown to us.
Scope
We are particularly interested in vulnerabilities that:
- Allow unauthorized access to data (e.g., data breaches).
- Bypass authentication mechanisms (e.g., login bypass).
- Enable remote code execution (e.g., command injection).
- Significantly impact service availability (e.g., denial-of-service attacks).
Reporting Process
- Step 1: Submit your findings to the Technical Director via nerds@genesysworldwide.co.uk.
- Step 2: Provide a detailed description of the vulnerability, including steps to reproduce it.
- Step 3: Refrain from disclosing the vulnerability publicly until it is resolved.
- Step 4: We will acknowledge receipt of your report within 3 business days and provide an estimated timeline for addressing the vulnerability.
Legal Safe Harbor
We commit to not pursuing legal action against you for your findings, provided you adhere to this agreement and act in good faith. This includes:
- Avoiding any activities that could disrupt our services or compromise user data.
- Respecting privacy and not accessing unnecessary data.
- Reporting vulnerabilities promptly and accurately.
Reward Criteria
Rewards are granted based on the severity and impact of the vulnerability. Examples of potential rewards include:
- Monetary rewards for critical vulnerabilities.
- Products or software licenses for significant findings.
- Sponsorships for attending relevant events or education programs.
All reward decisions are at our discretion and subject to approval by our legal team.
Exclusions
The following are excluded from the reward program:
- Vulnerabilities caused by social engineering attacks (e.g., phishing), as these tactics target human behaviour rather than system flaws.
- Findings from automated testing tools or scripts, as we perform extensive automated testing ourselves and seek specific vulnerabilities that require human insight.
Thank you for helping us maintain a secure environment.