Vulnerability Reporting Policy

AutoRABIT Holding, Inc. (“AutoRABIT”) is committed to maintaining the security and integrity of our services and website. We welcome and encourage security researchers, customers, and the general public to responsibly disclose any vulnerabilities they discover to help us ensure a secure environment for everyone.

1. SCOPE.
   
   This policy outlines the steps for reporting Vulnerabilities to AutoRABIT. A “Vulnerability”, for the purposes of this policy, includes any vulnerability, privacy issue, exposed data, or other security issue identified in our Assets. Our “Assets” refer to any digital assets, systems, or sites that are owned, operated, or maintained by AutoRABIT.
   
   
2. DISCLOSURE GUIDELINES.
   
   To help us respond quickly and efficiently, please include the following information in your vulnerability report:
   
   2.1 A detailed description of the Vulnerability, including steps to reproduce it.
   2.2 Any supporting materials, such as screenshots or proof-of-concept code.
   2.3 Your contact information for follow-up (optional).
   
   
3. REPORTING CHANNELS.
   
   3.1 U.S. Government Customers: Please email your vulnerability reports to: [email protected]
   3.2 All Other Customers or General Members of the Public: Please email your vulnerability reports to: [email protected].
   
   
4. WHAT TO EXPECT FROM US.
   
   4.1 We will acknowledge receipt of your report within 3 business days.
   4.2 Our security team will investigate the reported issue and work to address it promptly.
   4.3 We may contact you for additional details, if necessary.
   4.4 If applicable, we will notify you when the vulnerability has been addressed.
   
   
5. WHAT WE EXPECT FROM YOU.
   
   We request that you:
   
   5.1 Avoid any activity that could cause harm or disruption to AutoRABIT Assets, systems, data, or other users.
   5.2 Refrain from publicly disclosing vulnerabilities until we have had an opportunity to investigate and address the issue.
   5.3 If unintended access to data occurs, minimize data access to what’s necessary to show the Vulnerability and stop testing immediately if you encounter confidential data (e.g., PII, PHI, credit card details, or proprietary information).
   5.4 Adhere to all applicable laws and regulations.
   
   AutoRABIT appreciates your contributions to our security efforts. By working together, we can create a safer online environment for all.