Vulnerabilities

MYCASE, INC. VULERNABILITY REPORTING POLICY

LAST UPDATED: March 1, 2021

TABLE OF CONTENTS:

  1. About Us and This Policy
  2. Reporting a Vulnerability
  3. Report Submission Requirements
  4. Prohibited Activities
  5. MyCase Security Team Commitment

 

1. ABOUT US AND THIS POLICY

Welcome, and thank you for visiting our website or using our services! Maintaining the security of our applications and network is a high priority for MyCase. The MyCase Security Team encourages responsible reporting of any vulnerabilities that may be found on our site or application and we are committed to working with you to verify and address any potential vulnerabilities that may be reported to us.

This Policy describes the process for how to report a vulnerability, what requirements must be included when submitting a report, and any prohibited actions or testing when using the MyCase site or application.

We update this Policy periodically, and we will indicate the date the last changes were made above. If we determine, at our discretion, changes are significant, we will provide a more detailed notice and may also notify you of such changes via email.

When this Policy mentions “MyCase,” “we,” “us,” or “our” it refers to MyCase, Inc.

We hope this Policy answers all your questions about our commitment to security and the protection of your information, but to the extent you have further questions regarding this Policy, we invite you to email us anytime at [email protected] or otherwise contact us as provided for herein.

2. REPORTING A VULNERABILITY

If you believe you have discovered a security bug or vulnerability within MyCase services, please report it to the MyCase Security team via email at [email protected]. We will investigate your report and respond to you as soon as possible. Please do not disclose your findings until we have had the opportunity to review and address them with you.

3. REPORT SUBMISSION REQUIREMENTS

In order to help triage and prioritize submissions we recommend that your reports include the following:

  • Describe the location, date, and time that the vulnerability was discovered and the potential impact of exploitation.
  • Provide a detailed description of the steps to reproduce the vulnerability (proof of concept or system screenshots are helpful).
  • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
  • Include any supporting documentation.

4. PROHIBITED ACTIVITIES

While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, the following conduct is expressly prohibited and is considered out of scope for this submission (including but not limited to):

  • Performing actions that may negatively impact MyCase or our customers (e.g., Spam, Brute Force, Denial of Service)
  • Accessing or attempting to access, data or information that does not belong to you.
  • Destroying, corrupting, or attempting to destroy data or information that does not belong to you.
  • Social engineering (e.g., Phishing, Vishing, Smishing).
  • Conducting vulnerability testing of participating services using anything other that test accounts (e.g., Developer or Trial Edition instances).
  • Violating any laws or breaching any agreements to discover vulnerabilities.

5. MYCASE SECURITY TEAM COMMITMENT

We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the MyCase security team will use reasonable effort to:

  • Respond in a timely manner, acknowledging receipt of your vulnerability report.
  • Provide an estimated time frame for addressing the vulnerability report.
  • Notify you when the vulnerability has been remediated.

We want to thank every user or individual researcher who submits a vulnerability report for helping us to improve our overall security posture at MyCase.