Odaseva Vulnerability Disclosure

We welcome and encourage security researchers to test the Odaseva website and platform, and report any vulnerabilities to our security team. 

Odaseva will not initiate legal action against security researchers for their efforts to research and report on a vulnerability, as long as they adhere to this policy:

Odaseva Vulnerability Disclosure Policy:

While we encourage security researchers to discover and report to us any vulnerabilities you find in a responsible manner, the following is prohibited:

• Performing actions that may negatively affect Odaseva or its customers (e.g. spam, brute force, DDoS attacks…)
• Accessing, or attempting to access, data or information that does not belong to you
• Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
• Conducting any kind of physical or electronic attack on Odaseva personnel, property, or data centers
• Social engineering any Odaseva service desk, employee or contractor
• Conduct vulnerability testing of participating services using anything other than test accounts
• Violating any laws or breaching any agreements in order to discover vulnerabilities

How to report a security vulnerability:

If you suspect a vulnerability, please share the details with the Odaseva security team in a timely manner by emailing [email protected]. Please do not share this information with any other party.

Our Security Team Commitment:

We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, our Odaseva  security team and associated development organizations will use reasonable efforts to:

• Acknowledging receipt of your vulnerability report and respond in a timely manner
• Provide an estimated time frame for addressing the vulnerability reported
• Notify you when the vulnerability has been resolved

PGP Key details:

We encourage finders to use encrypted communication channels to protect the confidentiality of vulnerability reports using our PGP public key

 

—–BEGIN PGP PUBLIC KEY BLOCK—–

mQGNBGGzEuYBDADNHEdF2VnGNG8D7S7ZFDaOboR6/7cvvLZDKvowB/h0LMBfOaKM

MN62A8i2Ih2fXUYNdCMMsHYPa2nmMcfvaojcYJzizotRaGrJ+N2HdNVm7bWWjTXw

tXzoviETOo8DgNt95pwsw38MSW79csRg+1K+LYZOQNwMXfy67V4OWhby+VLM/qlr

TPVTOyMD/LvJOGGHSej6qZpWCirYo9OsYbhS90V0xuxEpmm2cNv0e91Fa18vdpnk

/ImVqlkmxBs1rzmBt5+F5B3A5u0ElbHi/WndnL8if8AtO0Ke1a2uE8m9C/xfAjBU

h8RDolgRpIvQGBeQTPSk811j7+GuVne4Exq+UlUnewFu/94DpdBf/gONbDVNr5IV

+fvO09QzBUhAQomfmaZp3q1o77o9EZ2KytBJWYNSAFpv7w/IsQ6hHysDQJb4aea9

trojXP6tCH5hozrGQh8gNfcx+u02aTJgQolkmjswtAgDZtfP5AjJ0ZC2OurrQR/l

s20vkex9JTUZ+bEAEQEAAbQ8T2Rhc2V2YSBWdWxuZXJhYmlsaXR5IERpc2Nsb3N1

cmUgPHZ1bG5lcmFiaWxpdHlAb2Rhc2V2YS5jb20+iQHUBBMBCAA+FiEEMkIQJu/S

KJx8gB4fo06TEChWRIgFAmGzEuYCGwMFCQeGP8oFCwkIBwIGFQoJCAsCBBYCAwEC

HgECF4AACgkQo06TEChWRIjD1Av/UcRirWOlMu6ruOjRTGwEikn2kSfFrP6FiFAn

ocIcnBxF7RkH+vlztqvgC20/bpzNv0Rc9IrLHzGn8EAyYPOHjr4eGiXCe8W8jhV2

s887bCpSDisycnlZzsLZnCAJlt8Dx2UmfJ0SmEV2Tu1zWjPHPrt4lQZc8YCr8np8

q/P7wlOsUrRVlozatycVizz9PzUZH3EDcrK5Vcf1CaG2vHg7teYmVJEimlh3bqbd

8fbeIjbP4xWJePo30Qs7IE1h7ZPTogWhT7jyrWCstiizjabqxjjnpm++pOlxjiWg

KWyoszMwQIQGCz0Ow+xkWr3lLIUzhEp2lLbLWXjXSWLKMnCoVdH403epulatNFqq

bXaTaokQOtXrvWCV9Vws/E3FMMPFNuhHad+niCltzl74b3Y9JDkNxt1k/SVCBFGy

50D/B2WXVM1eE0Oc8/Akh1C8QPnF15gPXAhtiWuIu1VtE8wRILiJMjrNBmoaI2za

oZKha2nRz5QufhprHeqvn7dkCnmGuQGNBGGzEuYBDAC+JfjXtSrfPBXWkmTG+61D

m9JtzxJrcEFZu7sSt8OjsA5Xk4Gy+haaexpYASdYqi3tCxxtllmTv1JtjFCDqejP

nQ4iT2Hnr5PJJY6iZGI/Br50RjCtWDrLN1BMknVIbKobKOk4tsLmcqgXiiH2y6nd

i5KoZKqqCL1y+ifahUspB4Zd2+mlWn+E4o39gzWIJn0W9jboQrzUEvBq2dHdBnqd

r82gT1O+LacsudyDP3hhyHFI/gOC4PbS+o7KsVB3Cwhk+AAA6N0Osbi9da1VZNe6

Uo4Q94FUYyu62ZX6GKu6CWMIkHErmXxWw9BRkRYuNMaxj++5UkEeJk6TlnQ2qi87

l/mGAzXaYk+b7NN+WKcwjb4S4g5T784IOb+BfAjzNBkVq7AuJyyYMvmltv3Odn7M

mTWAKii7Tv+SiqzF9Xj2QKZDyyMMjsSNls5n1B6+7A5QG9aGTtQX9de7tvXwzAle

IkUFVztbtelat6QxGgNheqNSnDXOHmE9dfalDXm0KesAEQEAAYkBvAQYAQgAJhYh

BDJCECbv0iicfIAeH6NOkxAoVkSIBQJhsxLmAhsMBQkHhj/KAAoJEKNOkxAoVkSI

eKQL/jT9c8iaZcUbMI/imUAf76qOWp+YAxkGkNhhI6sXY1J2d2/7IM5duefMHG51

8v0urya/PfPyrw13da4nbNePOf4Bmz8j2/vsqB/kC4kI5M4JeXMPQFOTyVdseJ7Q

8XJmDYcSglYrcPVZkmai6/HF5RKnaPsCLAdpIogFczjNF14C0dep6CdiEQaI+jDu

lCnHH4oKw+SqerU2kCFwZzHq7yaykpjRDwgRtO/2R4nC6sa7lmf1zXnTm7nQeZzk

gGcj2n5K91EEzJK3ycwlHni6HXYMq4ZmncnMkctpmm63PjgrwnTNOfoil16x4Hr5

I64b7ARYY3zzMFah+GV5oyhhF2bT/d7jTXb7IJw2zDQFMvTMWPQguG0tiYPzN+YP

d3dnITk1rMTEWCe6ec7jizQLBFdQajxWr054oCfwS/SIDqsC01Nv5cedZGqqvF/D

K2z7+nAapyJz+rfl/i9umUcOi+IJZFbVJ9V+dTWn3HQqBD8+u5VgUgp2e0WDdklo

XvTjIA==

=2yHL

—–END PGP PUBLIC KEY BLOCK—–