At LuzFaltex, trust is our number one value, and we take the protection of our members' data very seriously.
LuzFaltex acknowledges the valuable role that independent security researchers play in internet security. As a result, we encourage responsible reporting of any vulnerabilities that may be found in our site or applications. Luzfaltex is committed to working with security researchers to verify and address potential vulnerabilities that are reported to us.
Please review these terms before you test and/or report a vulnerability. LuzFaltex pledges not to initiate legal action against researchers for penetrating or attempting to penetrate our systems as long as they adhere to this policy.
Responsible Disclosure Guidelines
We will investigate legitimate reports and make every effort to quickly correct any vulnerability. If you are a security researcher and have found a vulnerability that is not resolved by the 10 Immutable Laws Of Security, please send an email to us at security(at)luzfaltex.com with as much of the information below as possible. This information will help us to better understand the nature and scope of the possible issue:
- Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
- Product and version that contains the bug
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker could exploit the issue
To encrypt your message with our PGP key, please download it here (or in the attachments below). You should receive a response within three business days. If you do not, please follow up with us to ensure we received your message.
In order to be complaint with this policy, please refrain from
- Accessing private information more than required to reasonably demonstrate the scope of the vulnerability
- Modifying or deleting data that does not belong to you
- Releasing any information not directly related to the exploit
Reporting and Dissemination of Information
When we find a vulnerability, we develop a patch as quickly as possible and broadly disseminate information about the vulnerability, the risk it poses, and what customers can do to protect themselves against it.
However, to do this we need the help of the people who discover security vulnerabilities. We cannot develop security patches overnight. Diagnosing and patching a vulnerability is a significant engineering challenge under any conditions, but it is even more difficult when details of a vulnerability have been made public before a patch can be developed. In such cases, speed must become our primary consideration, in order to protect our customers against malicious users who would exploit the vulnerability.
The responsibility for LuzFaltex's products rests with LuxFaltex alone, and we take that responsibility very seriously. However, there has traditionally been an unwritten rule among security professionals that the discoverer of a security vulnerability has an obligation to give the vendor an opportunity to correct the vulnerability before publicly disclosing it. This serves everyone's best interests, by ensuring that customers receive comprehensive, high-quality patches for security vulnerabilities but are not exposed to malicious users while the patch is being developed. Once customers are protected, public discussion of the vulnerability is entirely in order, and helps the industry at large improve its products.
Many security professionals follow these practices, and LuzFaltex wants to single them out for special thanks. The Hall of Fame is intended to do this. When you see a security professional acknowledged in a Hall of Fame, it means that they reported the vulnerability to us confidentially, worked with us to develop the patch, and helped us disseminate information about it once the threat was eliminated. They minimized the threat to customers everywhere by ensuring that LuzFaltex could fix the problem before malicious users even knew it existed.
((Public key coming soon!))