Catalyst Software’s Responsible Disclosure Policy covers the following products:
- Catalyst Software’s core platform
We intend to increase our scope as we build capacity and experience with this process. Researchers who submit a vulnerability report to us will be given full credit on our website once the submission has been accepted and validated by our product security team.
We will not engage in legal action against individuals who submit vulnerability reports through our Vulnerability Reporting inbox. We openly accept reports for the currently listed Catalyst Software products. We agree not to pursue legal action against individuals who:
- Engage in testing of systems/research without harming Catalyst Software or its customers.
- Engage in vulnerability testing within the scope of our vulnerability disclosure program.
- Test on products without affecting customers, or receive permission/consent from customers before engaging in vulnerability testing against their devices/software, etc.
- Adhere to the laws of their location and the location of Catalyst Software. For example, violating laws that would only result in a claim by Catalyst Software (and not a criminal claim) may be acceptable as Catalyst Software is authorizing the activity (reverse engineering or circumventing protective measures) to improve its system.
- Refrain from disclosing vulnerability details to the public before a mutually agreed-upon timeframe expires.
Catalyst leverages an expert third party for exhaustive penetration testing, and this is the primary method for evaluating and resolving external vulnerabilities. While we do encourage submission of vulnerabilities identified through our Responsible Disclosure program, Catalyst will evaluate them against the findings from our penetration testing. At this time, Catalyst does not offer rewards through our Responsible Disclosure program, but if submitted findings are unique and were not identified by our penetration testing, we will respond to all submissions as outlined below.
To submit a vulnerability report to Catalyst Software’s Product Security Team, please use the following email address: firstname.lastname@example.org.
At Catalyst, we strive to operate in an honest, fair and ethical manner, and take abuse or inappropriate behavior seriously. If you have witnessed behavior that you believe to be unethical, harmful or illegal, you may report that using this form.
Your submission will be completely anonymous.