Responsible Vulnerability Disclosure Policy

Introduction

At Vertical 1 Communications LLC, we take the security of our systems and services seriously. We are committed to maintaining a safe and secure environment for our clients, partners, and the public.

We recognize the important role that security researchers and the community play in helping us achieve this goal. This policy outlines how to responsibly report security vulnerabilities to our team.

Scope

This policy applies to any digital assets owned, operated, or maintained by Vertical 1 Communications LLC, including public websites, applications, and systems that are accessible via the internet.

Guidelines for Responsible Disclosure

To report a vulnerability, we request that you:

– Avoid violating privacy, destroying data, or disrupting services

– Avoid accessing, modifying, or deleting data without authorization

– Provide sufficient detail to allow us to reproduce and validate the issue

– Give us a reasonable amount of time to resolve the issue before publicly disclosing it

Reporting a Vulnerability

If you believe you have discovered a security vulnerability, please report it by emailing us at security@vertical-one.com. Include the following information, if possible:

– A description of the vulnerability

– The services or systems affected

– Steps to reproduce the issue

– Any relevant screenshots or proof-of-concept code

Our Commitment

Upon receiving your report, we will:

– Acknowledge receipt within 5 business days

– Investigate the issue and validate the report

– Take appropriate steps to mitigate the vulnerability

– Provide status updates during our remediation process

Safe Harbor

We will not initiate legal action against researchers who:

– Engage in good faith testing and reporting of vulnerabilities

– Do not intentionally compromise the privacy or safety of our users

– Comply with the terms of this disclosure policy

Exclusions

This policy does not authorize:

– Physical testing (e.g., office building, hardware)

– Social engineering (e.g., phishing, pretexting)

– Denial of service (DoS/DDoS) testing

– Use of automated scanners without prior authorization

Policy Updates

We may update this policy at any time. Updates will be posted on our website with the revised effective date.

Thank you for helping us protect our systems and users. We appreciate your contribution to our ongoing security efforts.