Security Vulnerability Disclosure Policy
TARE takes the security of our systems and our users' data seriously. We value the security community and appreciate responsible disclosure of vulnerabilities.
Reporting a Vulnerability
If you believe you have found a security vulnerability in any TARE application or platform, please report it to us as quickly as possible.
Please email your findings to:
security@tareops.comIf technically feasible, please use our PGP Key to encrypt your report.
Our Commitment
If you act in good faith to discover and report security vulnerabilities in accordance with this policy, we will:
- Acknowledge receipt of your report promptly (usually within 24 hours).
- Provide an estimated timeframe for addressing the vulnerability.
- Notify you when the vulnerability has been fixed.
- Optionally publicly acknowledge your responsible disclosure (with your permission).
Safe Harbor
We will not pursue legal action against you for research activities that are consistent with this policy. We consider such activities to be authorized conduct under the Computer Fraud and Abuse Act (CFAA) and other applicable laws.
If legal action is initiated by a third party against you for activities conducted in accordance with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Scope
In Scope:
- *.tareops.com
- Our API endpoints
- Our client-side applications (web and desktop)
Out of Scope:
- Denial of Service (DoS) attacks.
- Social engineering (phishing, vishing) of our employees or contractors.
- Physical attacks against our offices or data centers.
- Automated scanning tools that generate significant traffic.