Responsible Disclosure Policy
ORENCloud is committed to ensuring the security of our users’ data and systems. We appreciate the help of security researchers in identifying vulnerabilities that could affect our services, and we encourage responsible disclosure of any such findings. To support this effort, we have developed the following guidelines for security researchers who discover vulnerabilities in ORENCloud’s systems.
Reporting Security Vulnerabilities
If you have discovered a security vulnerability in any of our products or services, please report it to us immediately through our designated email address for security disclosures: [email protected].
Please provide a detailed description of the vulnerability, including the steps necessary to reproduce it. Screenshots, videos, or proof-of-concept code are also appreciated. We will acknowledge your report within two business days of receipt and will provide an estimated timeline for when we expect to address the issue.
We ask that you do not publicly disclose the vulnerability until we have had sufficient time to investigate and remediate the issue. Once we have confirmed that the vulnerability has been fixed, we will give you the green light to publish your findings.
We will not pursue legal action against security researchers who act in good faith and comply with this responsible disclosure policy. However, we reserve the right to take appropriate legal action against individuals who engage in unauthorised access to our systems or who exploit vulnerabilities for personal gain.
Scope
This responsible disclosure policy applies to any vulnerabilities discovered in ORENCloud’s products or services. This includes our web applications, mobile apps, APIs, and infrastructure. Please note that we do not consider the following activities to be in compliance with this policy:
- Denial-of-service attacks or other actions that could harm the availability or integrity of our services.
- Social engineering or phishing attempts.
- Physical attacks or attempts to gain unauthorised access to our offices or data centres.
Thank you for helping us keep ORENCloud’s products and services secure. We appreciate your assistance in identifying and addressing vulnerabilities.