Introducing Vivun’s Vulnerability Disclosure Program

Tim Messing Avatar photo

Vivun Security is excited to announce the launch of our Vulnerability Disclosure Program (VDP)! Our VDP is a security-focused initiative that enables security researchers and ethical hackers to report vulnerabilities they find in our systems, so that we can address them promptly. This is part of our continuous efforts to foster a relationship with the security community.

As a company that values the transparency and security of our customers and their data, we understand the importance of maintaining a strong security posture, while recognizing that no system is perfect and vulnerabilities can arise despite our best efforts. Therefore, we are implementing a VDP to enable researchers to report any security issues they discover, so we can quickly address them.

Who can participate?

Our VDP is open to all researchers; industry professionals, independent researchers, and hobbyists. We encourage all researchers to participate and report any vulnerabilities they find, regardless of severity. All reports will be promptly reviewed by our security team, who will work to validate true positives and address any vulnerabilities in a timely manner.

How do I learn more?

Our vulnerability disclosure policy details the guidelines for participating in the program, including the in-scope and out of scope assets and activities. Some examples include reporting vulnerabilities with no conditions, demands, or ransom threats, as well as avoiding actions that may negatively affect Vivun or its clients or otherwise impact service availability. We also discuss Vivun’s commitment to security researchers around prompt and clear communication. The initial rollout of VDP is focused on only a subset of Vivun’s applications and assets, allowing us to take incremental steps towards the end goal of increasing the list of in-scope assets as we monitor engagement from the community.

Where do I report vulnerabilities?

To report a vulnerability, you can email our security team at vulnerability-reporting@vivun.com. In your email, please provide as much detail as possible about the vulnerability, including steps to reproduce it, any proof-of-concept code or scripts, and any other relevant information. Our team will acknowledge receipt of your report and keep you updated on its status throughout the resolution process. At this point in time, we are not implementing a reward system for reports.

Vivun takes the security of our customers and their data very seriously, and we are committed to maintaining a strong security posture. We believe that our VDP is an important step in achieving that goal and furthering our commitment to transparency, and we look forward to working with the security research community to identify and address any vulnerabilities that may arise.

Tim Messing Avatar photo May 20, 2023