Responsible Disclosure Policy

Responsible Disclosure Policy

Last Updated March 3rd, 2024

Reporting security issues

If you believe you’ve found something in Kauneonga’s Liberty Platform that has security implications, please email them to [email protected].

* MFA is included with all plans for all users.

** Application events are logged for all accounts, but these are not accessible by clients.

Disclosure Policy

  • Data security is a top priority for Kauneonga. If you believe you’ve found a potential vulnerability in Kauneonga’s Liberty Platform, please notify us; we will work with you to resolve the issue promptly. Please let us know by emailing us at [email protected] with details including:
  • A description of the location and potential impact of the vulnerability.
  • A detailed description of the steps required to reproduce the vulnerability (Proof of Concept scripts or screenshots are helpful).
  • Your contact information
  • Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues as soon as possible after disclosure and respond within ten business days.
  • Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Kauneonga Liberty Platform service. Please only interact with accounts you own or for which you have explicit permission from the account holder.

Exclusions

Please refrain from:

  • Distributed Denial of Service (DDoS)
  • Social engineering or phishing of Kauneonga employees or contractors
  • Any attacks against Kauneonga’s physical property or data centers
  • Disclosure of known public files or directories (e.g. robots.txt)
  • Disclosure of HTTP/HTTPS/SSL/TLS security header configuration suggestions
  • Disclosure of a lack of Secure/HTTPOnly flags on non-sensitive cookies
  • Disclosure of application/web browser ‘autocomplete’ or ‘save password’ operations
  • Disclosure of Sender Policy Framework (SPF) configuration suggestions
  • Disclosure of DMARC configurations suggestions
  • Disclosure of issues with https://www.kauneonga.com, as this is just used for marketing purposes

Thank you for helping to keep Kauneonga and our users safe!

Changes

We may revise these guidelines from time to time. The most current version of the guidelines will be available at www.kauneonga.com/responsible-disclosure-policy

Feedback

Kauneonga is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at [email protected].