Security Disclosure Policy
1. Introduction
1.1 Background
Alfred Analytics FZCO ("Alfred", "Alfred Capital", or "we") recognizes the importance of security in its operations and the need to protect its systems, data, and customers. Alfred is a Software as a Service (SAAS) platform that enables users to find the most profitable traders of GMX and copy their trades automatically.
1.2 Purpose of the Policy
This Security Disclosure Policy is designed to provide guidelines to security researchers, ethical hackers, and other good-faith security enthusiasts (collectively referred to as “white hat hackers” or “researchers”) regarding the submission of discovered vulnerabilities or security issues within Alfred’s systems, software, and services. The goal is to encourage responsible reporting of potential security issues, promote transparency, and ensure a collaborative environment between Alfred and the security community.
1.3 Scope
This policy applies to all of Alfred’s digital assets, including but not limited to, its website, web applications, mobile applications, APIs, servers, and related infrastructure.
2. Responsible Disclosure
2.1 Reporting a Vulnerability
Researchers are encouraged to responsibly disclose any vulnerabilities they discover to Alfred through the provided communication channels. Reports should be submitted via email to [email protected].
2.2 Report Content
A complete and detailed report is crucial for us to understand, reproduce, and address the vulnerability effectively. Your report should include:
A clear and concise description of the vulnerability, including the potential impact and the affected services or components.
Detailed steps to reproduce the issue, including any necessary proof of concept code, screenshots, or videos.
Any additional information that might be helpful in understanding or addressing the issue, such as network logs or system configuration details.
2.3 Eligibility and Scope
To qualify for a response and potential recognition, researchers must:
Adhere strictly to this Security Disclosure Policy.
Conduct their research in a way that avoids any violation of law.
Avoid compromising the privacy or safety of Alfred’s users, staff, or systems.
Refrain from accessing, modifying, or deleting unauthorized data.
Avoid disruption or degradation of Alfred’s services.
2.4 Exclusions
The following types of issues are excluded from the scope of this policy:
Previously known and reported vulnerabilities.
Issues that are not reproducible.
Issues that have a negligible security impact.
Spam, social engineering, and physical attacks.
Third-party applications, services, or systems not under Alfred’s control.
3. Legal Considerations
3.1 Safe Harbor
When conducting vulnerability research consistent with this policy, Alfred considers this research to be:
Authorized concerning any applicable anti-hacking laws.
Exempt from restrictions in Alfred’s Terms of Service that would interfere with conducting security research.
Lawful, helpful to the overall security of the Internet, and conducted in good faith.
You are expected, as always, to comply with all applicable laws.
3.2 Disclosure Limitations
While we are committed to transparency and timely disclosure of vulnerabilities, there are circumstances under which we may delay disclosure:
If disclosure during an ongoing investigation would impede the investigation.
If disclosure would expose users to greater risk before a patch or workaround is widely available.
4. Handling and Processing of Reports
4.1 Acknowledgement of Receipt
Upon receiving a vulnerability report, Alfred will acknowledge receipt of the report within five (5) business days.
4.2 Assessment and Validation
Alfred will assess and validate the reported vulnerability. This process may require further communication with the researcher to understand the issue completely.
4.3 Remediation and Disclosure
Once the vulnerability is validated, Alfred will work diligently to address the issue. Alfred is committed to being transparent about the vulnerability management process and will keep the researcher informed of progress.
4.4 Recognition
Alfred values the contribution of security researchers and will recognize their efforts in accordance with the severity of the reported vulnerability and the quality of the report. Recognition may come in various forms, including but not limited to, acknowledgement in Alfred’s Hall of Fame, letters of appreciation, or other tokens of gratitude.
5. Communication
5.1 Contact Information
All communications regarding vulnerabilities and security issues should be directed to [email protected].
5.2 Expectations
Researchers should expect:
An acknowledgement of receipt within five (5) business days.
Regular updates regarding the status of the reported issue.
Confidentiality in handling the reported issue.
6. Confidentiality
6.1 Non-Disclosure Agreement (NDA)
In certain cases, Alfred may require the researcher to sign a Non-Disclosure Agreement (NDA) before detailed information about the vulnerability is shared.
6.2 Protecting User Data
The researcher must not disclose any user data that may have been accessed during the vulnerability discovery process. Alfred takes the privacy and security of user data very seriously.
7. Conclusion
Alfred Analytics FZCO is committed to ensuring the security of its users, systems, and data. We believe in fostering a collaborative relationship with the security community to achieve this goal. By following the guidelines outlined in this Security Disclosure Policy, researchers contribute to the overall security and integrity of Alfred’s services, benefiting the entire community.
8. Policy Version and Changes
8.1 Version
This is version 1.0 of the Alfred Analytics FZCO Security Disclosure Policy.
8.2 Changes to This Policy
Alfred Analytics FZCO reserves the right to change or update this policy at any time. Researchers are encouraged to review this policy regularly to stay informed about any changes.
Alfred Analytics FZCO
DSO-IFZA, IFZA Properties, Dubai Silicon Oasis,
Dubai, United Arab Emirates
Phone: +19985437008
Email: [email protected]
Last updated