Responsible Disclosure Policy

At susreg, we take the security of our systems and the privacy of our users very seriously. We appreciate the efforts of security researchers and engineers who help us maintain a secure environment for our users. This page outlines how you can report security vulnerabilities to us responsibly.

Scope

This policy applies to the following domains and services:

  • susreg.com
  • www.susreg.com

Please note that this policy does not apply to third-party services or websites that we do not control.

Guidelines for Reporting

When reporting a security vulnerability, please follow these guidelines:

  • Do Not:
    • Exploit the vulnerability or issue beyond what is necessary to demonstrate the vulnerability.
    • Access, modify, or delete data that is not your own.
    • Use social engineering or phishing attacks against our employees or users.
    • Disclose the vulnerability to others until it has been resolved.
  • Do:
    • Provide detailed information about the vulnerability, including steps to reproduce it.
    • Use the contact information provided below to report the vulnerability.
    • Allow reasonable time for us to investigate and resolve the issue before making any information public.

Contact Information

To report a security vulnerability, please contact us at:

Email: security@susreg.com

Please include the following information in your report:

  • Your name and contact information (optional).
  • A description of the vulnerability.
  • Steps to reproduce the vulnerability.
  • Any relevant screenshots or logs.

Acknowledgment and Response

We will acknowledge receipt of your report within 3 business days and provide you with a timeline for when you can expect a more detailed response. We will keep you informed of our progress throughout the remediation process.

If your report is valid and results in a change to our systems, we may publicly acknowledge your contribution to improving our security.

Legal Safeguards

We are committed to working with security researchers to resolve vulnerabilities. We will not take legal action against you for reporting vulnerabilities as long as you follow the guidelines outlined in this policy.

We ask that you do not engage in any activity that could be considered illegal, even if it is intended to identify vulnerabilities.

Conclusion

Thank you for helping us keep our systems secure. Your efforts are greatly appreciated and contribute to the safety of our users.