Responsible Disclosure Policy

At ThriveDX, safeguarding the security and privacy of our users is our top priority. We are dedicated to upholding the highest standards across all our systems and data, but while striving for perfection, we acknowledge that some vulnerabilities may go unnoticed. 

This policy details our approach to addressing potential vulnerabilities and offers clear guidelines for security researchers on how to report them responsibly. Your contributions help us ensure a safer experience for everyone.

Found a Security Vulnerability? Let's Work Together.

If you think you’ve discovered a security vulnerability in one of our systems, we want to hear from you! Please report it directly to our security team at security@thrivedx.com. Also, to help us address the issue as swiftly as possible, please include detailed information, such as:

  • A clear description of the vulnerability.
  • Information regarding the systems affected and potential impact.
  • Steps to reproduce the issue and any relevant proof of concept, screenshots, or logs.

Things to Focus On

This policy applies to any vulnerabilities found within systems owned, operated, or maintained by ThriveDX. Specifically, this includes:

  • Websites, applications, and APIs owned or operated by ThriveDX.
  • Any publicly accessible systems, endpoints, or services directly managed by us.
  • Any other digital assets clearly belonging to ThriveDX.

Things to Avoid

While we encourage the responsible disclosure of security vulnerabilities, specific findings are considered out of scope and will not be eligible for further investigation or response. These include, but are not limited to:

  • Third-party services or products that are not directly managed by ThriveDX.
  • Social engineering attacks (such as phishing).
  • Denial of Service (DoS) attacks or Distributed Denial of Service (DDoS) attacks.
  • Physical security of our offices or data centers.
  • Issues related to the presence of or lack of email best practices (e.g., SPF, DKIM, DMARC).

Our Commitment

Upon receiving your report, we commit to:

  • Acknowledge your report within 7 business days.
  • Provide an estimated timeline for resolution, if applicable.
  • Keep you updated on the progress of the investigation.
  • Notify you once the issue has been resolved and seek your feedback on the solution.

Guidelines for Responsible Disclosure

To protect our users and systems, we ask that you:

  • Keep from publicly disclosing discovered vulnerabilities until we’ve had a chance to investigate and address them.
  • Avoid actions that could cause harm, such as accessing, modifying, or deleting data that doesn’t belong to you.
  • Refrain from violating the privacy of others by accessing or disclosing personal information.
  • Follow our policies and all relevant laws during your research.

Legal Considerations

This policy is not intended to authorize any activity that violates applicable laws. By reporting vulnerabilities to us, you agree to comply with all relevant legal requirements and refrain from any actions that could harm our systems, compromise user data, or violate privacy. We value your responsible approach to helping us protect our users, and we expect all interactions to be conducted in good faith.

Staying Updated

Please note that we may update this policy occasionally as required. We encourage you to keep this in mind when reviewing our guidelines.

Get In Touch

If you have questions or need more information, please contact us at security@thrivedx.com. We appreciate your efforts to help us ensure the safety and security of our users.

Almost There.

Are you ready to gain hands-on experience with the IT industry’s top tools, techniques, and technologies?

Take the first step and download the syllabus.

Name
Address
By clicking "Request Info," I consent to be contacted by ThriveDX, including by email, calls, and text messages, (including by autodialer or prerecorded messages) about my educational interests. I understand that my consent to be contacted is not required to enroll. Msg. and data rates may apply.

Contact (212) 448-4485 for more information. I also agree to the Terms of Use and Privacy Policy.

Download Syllabus

Let’s Talk

Download Syllabus

Apprenticeship Program

Apprenticeship Program

Let’s Talk

Get Your Free Trial

Access our Free OWASP Top 10 for Web

Enter your information below to join our referral program and gain FREE access for 14 days

Follow the steps below to get FREE access to our OWASP top 10 for Web course for 14 days

  1. Simply copy the LinkedIn message below
  2. Post the message on your LinkedIn profile
  3. We will contact you as soon as possible on LinkedIn and send you an invite to access our OWASP Top 10 for Web course

IMPORTANT!

Make sure you confirm the tag @ThriveDX Enterprise after pasting the text below in your LinkedIn to avoid delays in getting access to the course.
tagging ThriveDX Enterprise on LinkedIn

Ready to Share?

Take me to now >

Contact ThriveDX Partnerships

[forminator_form id=”10629″]
Skip to content