Responsible Disclosure Policy
Last modified: April 2, 2025
Dolbey is committed to ensuring the safety and security of our customers and employees. We aim to foster an environment of trust, and an open partnership with the security community, and we recognize the importance of vulnerability disclosures in continuing to ensure safety and security for our customers, employees, and company. We have developed this policy to both reflect our corporate values and to uphold our legal responsibility to good-faith security researchers that are providing us with their expertise.
How to Report a Vulnerability
Report a vulnerability to Dolbey's Security Team at compliance@dolbeyco.com.
Responsible Disclosure Guidelines
When reporting vulnerabilities:- Do not harm Dolbey, its customers, partners, or employees.
- Do not disrupt or degrade Dolbey’s products or services.
- Do not access, store, or share any sensitive data (including PII or PHI). If encountered, stop immediately, permanently delete any copies, and notify Dolbey.
- Do not compromise the privacy or security of individuals.
- Do not introduce malicious software.
- Do not engage in fraudulent activities.
- Do not violate any applicable laws or regulations.
- Do not publicly disclose vulnerability details without Dolbey’s written consent.
Submission Guidelines & Expectations
What to include in your report:- A clear description of the issue, its impact, and potential fixes.
- Step-by-step instructions to reproduce the issue.
- Your contact information (optional but preferred).
What to expect from Dolbey:
- A response and status updates on validated reports, if you have provided your contact information.
- Dolbey does not provide compensation in exchange for disclosed vulnerabilities.
- No legal action by Dolbey against those who follow this Policy and Responsible Disclosure Guidelines.
- If any vulnerability research involves the networks, products, or services of any non-Dolbey entity, such entity may independently determine whether to pursue legal action or other