Vulnerability Disclosure Policy
Last Updated: March 1, 2025
We at Elite Enterprise Software are committed to protecting the privacy and data of our customers. We appreciate the efforts of security researchers who help identify potential vulnerabilities in our systems.
Scope
This policy applies to any digital assets under the eliteenterprisesoftware.comdomain or subdomains. If you find a vulnerability in our services or platforms, please adhere to this policy.
Reporting a Vulnerability
- Contact: Send a detailed report to [email protected] or through our contact form.
- Encryption: For sensitive info, use our PGP key.
- Include: a description, steps to reproduce, potential impact, and relevant evidence (screenshots, logs, etc.).
Our Commitment
We will acknowledge receipt of your report within 3 business days. We strive to provide a status update or fix within 15 business days. We will not take legal action against researchers who follow this policy in good faith.
Safe Harbor
Activities conducted under this policy are considered authorized. We will not pursue or support legal action related to such activities, provided:
- You do not exploit beyond the purpose of testing.
- You do not publicly disclose details without coordination.
- You make a good-faith effort to avoid privacy violations or service disruption.
Out of Scope
- Social engineering of employees or customers.
- Physical attacks on our offices or data centers.
- Denial of service attacks (DoS).
Rewards & Acknowledgments
We currently do not have a paid bug bounty program, but we may offer a token of appreciation. You can choose to be recognized on our Hall of Fame.