Tzunami Inc. Vulnerability Disclosure Policy
Our Commitment
Tzunami Inc. values the security of our products, including Tzunami Deployer, Tzunami OpenText Content Server Exporter, and Cloudsfer. We welcome reports of suspected security vulnerabilities from customers, researchers, and members of the public, and are committed to working with reporters to understand and address issues quickly.
How to Report a Vulnerability
If you believe you’ve found a security vulnerability in any Tzunami or Cloudsfer product or service, please report it to:
Please include, where possible:
- A description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Any relevant logs, screenshots, or proof-of-concept material
- Any relevant logs, screenshots, or proof-of-concept material
What You Can Expect From Us
- Acknowledgment: We will acknowledge receipt of your report within 5 business days.
- Investigation: We will investigate and assess the reported issue within 30 days of acknowledgment, and let you know our assessment.
- Resolution: Confirmed vulnerabilities will be prioritized based on severity and addressed in a timely manner. We will keep you informed of significant progress toward resolution.
- Confidentiality: We ask that you keep any discovered vulnerabilities confidential until we’ve had the opportunity to investigate and address them, and we will not take legal action against good-faith security research conducted under this policy.
Scope
This policy applies to Tzunami Deployer, Tzunami OpenText Content Server Exporter, Tzunami Deployer Service Components, and Cloudsfer. Please do not attempt to access, modify, or exfiltrate data belonging to other customers in the course of testing.
Contact
Tzunami Inc., 100 Park Avenue, 16th Floor, New York, NY 10017