This Policy sets forth the terms and conditions governing the conduct by security researchers of all vulnerability discovery activities directed at the networked information systems of Credo.ai, including web properties, and submitting discovered vulnerabilities to Credo.ai. If questions arise, please take no action until you have discussed that action is discussed with an authorized security representative Credo.ai.
Maintaining the security of our connected systems and software is a high priority at Credo.ai. Recognizing that the broader security research community regularly makes valuable contributions to the security of the Internet, Credo.ai believes that a close relationship with this community will also improve our security. If you have information about a vulnerability, please contact us at security@credo.ai.
Any information submitted to Credo.ai under this program will be used to mitigate or remediate vulnerabilities in our networks or applications, or in the applications of our vendors.
Please review program terms and conditions carefully. By participating in the Credo.ai’s vulnerability disclosure program, conducting any testing of Credo.ai networks or systems and prior to submitting a report, you agree to abide by these new terms and conditions.
Publicly accessible information systems or web properties owned, operated, or controlled by Credo.ai.
We accept vulnerability reports via security@credo.ai. Reports may be submitted anonymously. If you share contact information, we will try to acknowledge receipt of your report within 3 business days. Please provide a detailed summary of the vulnerability including: type of issue; product, version, and configuration of software containing the bug; step-by-step instructions to reproduce the issue; potential impact of the issue; and suggested mitigation or remediation actions, as appropriate.
By clicking “Submit Report,” or emailing us with a report, you are indicating that you have read, understand, and agree to the terms and conditions of the program for the conduct of security research and disclosure of vulnerabilities or indicators of vulnerabilities related to the Credo.ai information systems, and that you consent to having the contents of the communication and follow-up communications used by Credo.ai.
Credo.ai will deal in good faith with security researchers who discover, test, and submit vulnerabilities or indicators of vulnerabilities in accordance with these terms and conditions:
We take every disclosure seriously. We will investigate every disclosure and we will strive to ensure that appropriate steps are taken to mitigate risk and remediate all reported vulnerabilities.
This policy does not grant authorization, permission, or otherwise allow express or implied access to Credo.ai information systems to any individual, group of individuals, consortium, partnership, or any other business or legal entity. However, if a security researcher working in accordance with the terms and conditions of this VDP program discloses a vulnerability, then: (1) Credo.ai will: (1) not initiate or recommend any law enforcement action or civil lawsuits related to such activities against that researcher, and (2) inform the pertinent law enforcement agencies or civil plaintiffs that the researchers activities were, to the best of our knowledge, conducted pursuant to, and in compliance, with the terms and conditions of this program.
You must otherwise comply with all applicable Federal, State, and local laws in connection with your security research activities. You may not engage in any security research or vulnerability disclosure activity that is inconsistent with terms and conditions of the program or the law. If you engage in any activities that are inconsistent with the terms and conditions of the program or the law, you will not be considered a security researcher and may be subject to criminal penalties and civil liability.
Credo.ai may modify the terms and conditions or terminate the program at any time.