At the Alliance for Epidemic Preparedness, Prevention, Education and Control (AEPPEC), we take the security of our website (https://aeppec.org/) and digital infrastructure seriously. We value the contributions of security researchers and the broader community in helping us identify and address potential vulnerabilities. We have established this Vulnerability Disclosure Policy to provide clear guidelines on how to report any security issues you may discover.
Reporting a Vulnerability
If you believe you have identified a vulnerability on the AEPPEC website or any associated systems, we encourage you to report it to us promptly. We appreciate your cooperation in keeping the organization and its digital assets secure.
To report a vulnerability, please follow these guidelines:
Submitting a Report:
Send an email to info@aeppec.org with the subject line “Security – Vulnerability Disclosure.” Provide a detailed description of the vulnerability, including the steps to reproduce it and any supporting documentation or proof-of-concept code.
Responsible Disclosure:
We kindly request that you allow us a reasonable amount of time to investigate and address the vulnerability before disclosing it to the public or any third parties. We commit to acknowledging receipt of your report within 48 hours and to providing regular updates on the progress of the investigation.
Scope:
This policy applies only to the AEPPEC website (https://aeppec.org/) and its associated digital assets. Vulnerabilities discovered in any third-party applications, services, or platforms should be reported directly to the respective vendor or organization.
Prohibited Actions:
Attempting to access, modify, or destroy data beyond what is necessary to demonstrate the vulnerability. Engaging in any form of social engineering, phishing, or other malicious activities. Disrupting or degrading the availability or performance of our systems.
Legalities:
We commit to not take legal action against individuals who report vulnerabilities in accordance with this policy, provided they act in good faith and comply with the guidelines. We request that you do not disclose any personal data or sensitive information of other individuals during your research.
Recognition:
While we greatly appreciate your efforts, we do not offer monetary rewards or bounties for vulnerability reports. We may, at our discretion, acknowledge and recognize individuals who responsibly disclose vulnerabilities and assist in their resolution. By participating in the responsible disclosure of vulnerabilities, you contribute to the overall security of our organization and help protect the privacy and data of our users. We appreciate your support in maintaining a secure online environment for all.
This Vulnerability Disclosure Policy is subject to change without prior notice. Please refer to the latest version on our website. Thank you for your cooperation. Alliance for Epidemic Preparedness, Prevention, Education and Control (AEPPEC)