We acknowledge the valuable role that independent security researchers play in security and, as a result, we encourage responsible reporting of any vulnerabilities that may be found in our site or applications. Virtru is committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us in accordance with this responsible disclosure policy.
Reporting a Potential Security Vulnerability
For the security of our users and service, we ask that you do not share details of the suspected vulnerability publicly or with any third party.
Please report the details of any suspected or detected vulnerabilities with Virtru by completing the submission form on this page, including the following information:
- Vulnerability details with information to allow us to efficiently reproduce your steps and validate the vulnerability.
- Your information if you would like to be recognized on our Hall of Fame.
While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, the following conduct is prohibited:
- Performing actions that may negatively affect Virtru or its users (e.g. Spam, Brute Force, Denial of Service, etc).
- Accessing, or attempting to access, data or information that does not belong to you.
- Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.
- Social engineering any Virtru service desk or personnel.
- Violating any laws or breaching any agreements in order to discover vulnerabilities.
Our Commitment to Researchers
If you responsibly report a vulnerability in accordance with this policy, we will:
- Promptly respond to acknowledge the receipt of your report.
- Provide an estimated timeframe for addressing the vulnerability.
- Notify you when the vulnerability has been remediated.
Contributor Hall of Fame
Virtru greatly appreciates anyone who has contributed to the security of our users by responsibly disclosing vulnerabilities to us. Thank you for your efforts!