Vulnerability Reporting Policy
Security at Mydex
Mydex is an ISO27001 accredited organisation and takes security very seriously. Mydex is constantly pursuing ways to improve the safety of its platform and respond to emerging threats affecting network, data and operational security.
If you are a security researcher or subscriber and believe you have identified a vulnerability in our web apps or APIs, we encourage you to report it to us.
Mydex implements the 'security.txt' reporting standard (RFC 9116) and you can find it here.
Vulnerability Reporting Guidelines
Here's what to do if you want to report a vulnerability.
- Please visit https://mydex.org/.well-known/security.txt to obtain details such as our email address and our GPG public key, should you wish to make an encrypted report.
- Please don't share information about the vulnerability with anyone other than us (via the email address in the above link) until we have had an opportunity to look into the issue and potentially discuss it with you further.
- Once you submit your report, it will enter a ticket tracking system. The Mydex security team will assess it within 5 business days and, if necessary, endeavour to resolve it within that time or shortly thereafter.
- Mydex does not currently offer a monetary bounty program but appreciates responsible disclosure, and generally will be happy to credit you for the discovery to support your reputation as a responsible security researcher.