Korgen - Disclosure Policy

Responsible Disclosure Policy

At Korgen, the security of our website is one of our primary concerns and we are committed to addressing security issues on a high-priority basis in order to make our website a safe place for users of our website to browse and transact. However, sometimes it is possible that vulnerabilities escape detection despite the best precautionary measures.

Therefore, we investigate all received vulnerability reports and implement the best course of action in order to protect our users. Whether you are a user of our website, a software developer, security researcher or simply a member of the general public, we see you as an important part of this process.

If you think you have discovered a vulnerability in our website or have a security incident to report and responsibly shares the details with us, we will promptly acknowledge receipt (within 48 business hours of submission) of your report, work closely with you to investigate and validate the reported vulnerability, fix it and publicly recognize your contribution to the safety of our website and systems. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.

1.0

How to report an issue ?

1.1

If you happen to identify any security vulnerability on our website (https://www.korgentech.com), we request you to follow the steps outlined here below:

Please mail us the necessary details to [email protected] including description of the location, potential impact of the vulnerability, steps required to reproduce the vulnerability (POC scripts, screenshots, compressed screen captures or simple text instructions that explain the vulnerability scenario/s.

ii.

Please also share with us your contact details (name, email, phone number) so that our IT team can reach out to you if further inputs are needed to identify or close the issue and acknowledge the same.

1.2

While conducting security testing, make every effort to avoid privacy violations, degradation of user experience, disruption to production systems and destruction of data.

1.3

We request you to keep any communication regarding the vulnerability confidential between yourself and Korgen. If you intend to make the information public for educational or other such needs, please give us a reasonable timeframe (90 days from the date of reporting) to fix the problem before making such information public. Disclosing the vulnerability to the public without giving us adequate time to fix the same is against our responsible disclosure policy.

1.4

If the identified vulnerability can be used to potentially extract information of our users, buyers or systems, or impair our website’s ability to function normally, then please refrain from actually exploiting such a vulnerability. This is absolutely necessary for us to consider your disclosure a responsible one.

1.5

While we appreciate the inputs of Whitehat hackers, we may take legal recourse if the identified vulnerabilities are exploited for unlawful gains or getting access to restricted user or system information or impairing our systems or made public before we fix it.

1.6

While we do not have a formal bug bounty program for such disclosures, depending on the severity of the identified vulnerability, we may, at our sole discretion, reward you for the responsible disclosure of your findings as a gesture of goodwill in addition to publicly acknowledging your contribution in this section on our website, with your consent.

1.7

However, requests for monetary compensation in connection with any identified or alleged vulnerability shall be deemed noncompliant with this Responsible Disclosure Policy. Korgen reserves all of its legal rights in the event of any noncompliance of this policy.

1.8

We greatly appreciate the efforts of people who share information on security issues with us and thus enabling us to improve our products and protect our customers.

THANK YOU for working with us through the above process.