Please review this policy before you test and/or report a potential issue on the SMART-TRIAL platform or website.
SMART-TRIAL is committed to protect and safeguard safety and data security of the SMART-TRIAL EDC platform and website. Thus, we highly encourage responsible disclosure of security issues you may have found on any of our assets. Please note that we do not offer any form of monetary rewards for submission of issues.
Reporting a potential security vulnerability
At SMART-TRIAL, system security and safety are paramount and a core focus that is continuously improved. If you believe you have found a potential vulnerability on either the SMART-TRIAL EDC platform or the SMART-TRIAL website domains, please inform us directly so we can take all necessary actions to solve the issue.
You can submit your reports to firstname.lastname@example.org. We are always open to cooperate with you to ensure optimal security on our platforms and will act quickly to mitigate any vulnerability.
We encourage you to report any vulnerabilities you find to us in a responsible manner and ask that you:
- Let us know as soon as possible upon discovery of a potential security issue.
- Give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others.
- Only interact with accounts you own or with explicit permission of the account holder.
- Make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to)destruction of data and interruption or degradation of our services.
- You do not exploit a security issue you discover for any reason. This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues.
- Do not violate any applicable laws or regulations.
- Performing actions that may negatively affect SMART-TRIAL or its users (e.g.,Spam, Brute Force, Denial of Service, etc.)
- Accessing, or attempting to access, data or information that does not belong to you
- Conducting any kind of physical or electronic attack on SMART-TRIAL personnel, data centers or property
- Social engineering (including phishing) any SMART-TRIAL support operations, employees or contractors
- Conducting vulnerability testing of participating services using anything other than dedicated security test SaaS instances
- Violating any laws or breaching any agreements to discover vulnerabilities