CounterCraft cares deeply about the security of our products, services, business applications, and infrastructure.
As security researchers ourselves, CounterCraft understands the importance of investigating and responding to security issues. We also realize that despite our efforts to eradicate security vulnerabilities from our products and services, there will always be emerging threats, new vulnerabilities, and opportunities to improve. To that end, CounterCraft believes wholeheartedly in embracing the public research community when security issues are discovered and working with security researchers to fix the identified issue and remediate any related and/or underlying systemic issues to further improve our security posture.
In the interest of protecting our customers, we provide the public research community the opportunity to engage, report, and receive credit for their work. While engaging with us, we ask that reporters honor responsible disclosure principles and processes and give CounterCraft an opportunity to evaluate, respond, and if necessary, remediate any confirmed security vulnerabilities prior to public disclosure.
If you have discovered a vulnerability in a CounterCraft product or service, please contact vulnerabilities@countercraftsec.com. If this issue is significant enough to merit encryption, please use our PGP key available at https://www.countercraftsec.com/downloads/pgp.txt
Once we have received a vulnerability report, the following steps are taken:
To protect our customers, employees, and business, we request security researchers maintain compliance with this policy. CounterCraft will consider the submission as noncompliant if the submission is publicly disclosed without express written consent from CounterCraft. In addition, all research activity must be compliant with the following: