Introduction

At LayerX Security, we highly appreciate the efforts of security researchers and the public in helping us elevate our security standards. If you have identified a vulnerability, privacy issue, data exposure, or any other security threats within our assets, we encourage you to promptly get in touch with us. This policy is designed to define the steps for vulnerability reporting, our expectations, and what you can anticipate in return.

Scope

This policy encompasses all digital assets owned, managed, or sustained by LayerX Security. This includes instances of the LayerX Security product that you have unambiguous permission to test.

Our Commitments

When you collaborate with us under this policy’s provisions, we commit to:

  • Swiftly respond to your report, and cooperate to understand and validate your findings.
  • Endeavor to keep you regularly updated about the progress of your report.
  • Act upon verified vulnerabilities in a timely manner, in line with our operational restrictions.
  • Grant Safe Harbor, as detailed later, regarding your vulnerability research associated with this policy.

Our Expectations

  • Adhere to the guidelines, including complying with this policy and any other relevant agreements. This policy shall supersede if any discrepancies with other applicable terms arise.
  • We kindly request those participating in our vulnerability disclosure program to:
    • Promptly report any discovered vulnerabilities.
    • Refrain from infringing on others’ privacy, disrupting our systems, destroying data, or negatively impacting the user experience.
  • Use only the Official Channels, detailed later, for discussing vulnerability information.
  • Maintain confidentiality concerning any discovered vulnerabilities as per our Disclosure Policy, referred to later.
  • Limit testing exclusively to in-scope systems and respect out-of-scope systems and activities.
  • In case a vulnerability provides unintended data access, access the least data needed for demonstrating a proof of concept. Stop testing and report immediately once you come across any user data.
  • Interact only with your test accounts or with explicit permission from the account holder.
  • Refrain from any form of extortion.

Official Channels

In case of any security issues, please report them to security@layerxsecurity.com, with all relevant information. The more detailed your report, the easier it will be for us to verify and fix the problem.

Disclosure Policy

Our current Disclosure Policy is Discretionary. Researchers are required to seek permission to publicly share details about the vulnerability. LayerX Security must provide explicit approval before such information can be disclosed.

Safe Harbor

We regard any vulnerability research under this policy as:

  • Legitimate and compliant with any relevant anti-hacking laws, and we will not instigate or back legal action for unintentional, good-faith violations of this policy.
  • Authorized according to any applicable anti-circumvention laws, making us unlikely to pursue a claim against you for circumvention of technology controls.
  • Exempt from the limitations under Section 3(vii) of LayerX Security’s Terms and Conditions (or License Agreement as applicable), and we relinquish those limitations on a limited basis.
  • Legal, aiding to the overall internet security, and executed in good faith.

We always expect you to adhere to all applicable laws. In case a third party initiates legal action against you and you have adhered to this policy, we will take measures to affirm that your actions complied with this policy. If you are concerned or unsure about whether your security research aligns with this policy at any point in time, kindly submit a report via one of our Official Channels before proceeding.