Responsible Disclosure
At Halon, we take security very seriously for ourselves, our clients, and the wider community. We are firm believers in responsible disclosure of vulnerabilities. If you find any security issues or flaws in our services or software we encourage you to contact us immediately. We continuously strive to improve and resolve any issues as fast as possible.
We highly respect the security community and will give credit where credit is due in our Hall of Fame.
How to report
To report any issues, please email us at [email protected]. If you wish, you may of course be anonymous too. Emails to this address can only be viewed by the internal security team. Upon receipt, you can expect a response from us within 72 hours as well as continual information regarding our timeline and progress to a proper resolution.
In your email, please provide us with as much information as possible for us to reproduce and resolve any issues.
We promise not to take any legal action against you in regards to the report.
What we expect of you
In the discovery and reporting of the issue, we expect you not to:
- Intentionally perform any harmful or criminal activity
- Extract, alter, or delete any sensitive data
- Perform any uncoordinated denial of service attacks
In the spirit of responsible disclosures, we kindly ask you to give us enough time to resolve any issues and publish patches before going public with it.