Vulnerability Disclosure Policy

Overview
At Centerline Communications, we recognize that security vulnerabilities can exist in any system or service. We encourage responsible reporting of potential security issues to help protect our systems, customers, partners, and stakeholders. This policy outlines how Centerline Communications receives and handles vulnerability reports and establishes expectations for responsible security research.
 
Purpose
The purpose of this policy is to provide a clear and responsible method for reporting security vulnerabilities and to define the expectations and boundaries for individuals who identify and disclose potential security issues. This policy supports coordinated disclosure efforts and helps reduce security risk while maintaining the integrity and availability of Centerline Communications’ systems and services.  

Scope
This Vulnerability Disclosure Policy applies to internet‑facing systems, applications, and services owned or operated by Centerline Communications, including:
- www.centerlinecommunications.com

Additional systems may be included at the discretion of Centerline Communications.

Policy
Responsible Disclosure and Safe Harbor
Centerline Communications will not initiate legal action against individuals who report security vulnerabilities in good faith and in accordance with this policy. If legal action is initiated by a third party as a result of activities that comply with this policy, Centerline Communications will take reasonable steps to make it known to relevant authorities that the actions were conducted as part of responsible security research.

This safe‑harbor protection does not apply to activities that intentionally disrupt services, harm systems, access data beyond what is necessary to demonstrate a vulnerability, or violate applicable laws.

Centerline Communications’ Commitment
When a valid vulnerability is reported in accordance with this policy, Centerline Communications will:  

- Acknowledge receipt of the report in a reasonable timeframe
- Review and assess the reported issue
- Determine severity, impact, and remediation priority at our discretion
- Communicate as appropriate regarding remediation status or resolution

Any timelines, acknowledgments, or rewards are not guaranteed and remain subject to operational and security considerations.

Researcher Responsibilities
Individuals reporting vulnerabilities under this policy agree to:
- Act in good faith and avoid actions that could harm Centerline Communications, its customers, or its partners
- Report on vulnerabilities promptly and privately
- Limit testing to what is necessary to demonstrate the issue
- Avoid exploitation, public disclosure, or sharing of vulnerabilities prior to remediation or coordinated disclosure

Severity Assessment and Rewards
All vulnerability severity classifications are determined solely at the discretion of Centerline Communications. Centerline Communications may, but is not obligated to, offer acknowledgment or compensation for eligible vulnerability reports. Eligibility for acknowledgment or any reward is determined at Centerline Communications’ discretion and may depend on factors including, but not limited to:
- Novelty of vulnerability
- Severity and impact
- Quality and clarity of the report

Vulnerabilities that are already known to Centerline Communications, previously reported, or otherwise identified through internal or third‑party sources, are not eligible for acknowledgment or reward.

Prohibited Activities
The following activities are not permitted under this policy:
- Denial‑of‑service attacks, including resource exhaustion or high‑impact automated scanning
- Social engineering, phishing, or impersonation
- Physical access attempts or surveillance
- Testing of non‑internet‑facing systems (e.g., internal networks, private IPs, workstations)
- Installation of persistent backdoors or malware
- Modification or deletion of data
- Attempts to access accounts or data not owned by or authorized to the researcher

Out-of-Scope Findings
The following issues are considered out of scope and are not eligible under this policy (non‑exhaustive):
- Absence or presence of DKIM, SPF, or DMARC records
- Missing or overly permissive HTTP security headers
- Clickjacking with no demonstration of security impact
- Missing cookie flags
- Disclosure of non‑sensitive or publicly available information
- Lack of best‑practice hardening without proven risk
- Self‑attacks
- CSRF vulnerabilities with low or no impact
- Open ports without demonstrated exploitability
- Issues requiring unrealistic or insecure preconditions
- Lookalike or homograph domains
- Broken links or metadata exposure
- Theoretical vulnerabilities without practical exploit
- Weak SSL/TLS configurations without demonstrable risk
- Missing multi‑factor authentication
- Recently patched third‑party vulnerabilities published within the last two weeks

Reporting
Potential security vulnerabilities should be reported to:

Email: infosec@clinellc.com

Reports should include sufficient detail to reproduce and evaluate the issue, including affected systems, steps to reproduce, and any relevant evidence or proof-of-concept.