Vulnerability Disclosure Policy

Fairing takes vulnerability disclosures extremely seriously. Once disclosures are received, we verify each vulnerability reported before taking the necessary steps to contain and remediate the issue.

In order maintain the security and privacy of both researchers and our users, we require that any potential submissions are made inline with the following guidelines.

Guidelines

We require that all researchers:

• Make every effort to avoid privacy violations, degradation of our user's experience, disruption to production systems, and destruction of data during security testing

• Use the identified communication channels to disclose vulnerability information to us

• Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party

Exclusions

While researching, we ask you to refrain from:

• Denial of service

• Spamming

• Social engineering (including phishing) of Fairing staff or contractors

• Any physical attempts against Fairing property or data centers

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

How to Report a Security Vulnerability

Users and security researchers can report known or suspected security events, incidents, policy violations, or observed security weaknesses by sending an email to [email protected] with a description of the issue along with any relevant details.