Reporting a Security Issue
Here is our guidance on working with us to report a security issue in any of our products (including our website).
Security is paramount to us at Strivacity. We work diligently to ensure the organizations and brands depending on Strivacity can do so with the fundamental understanding that their information is secure and private.
We strongly believe in tackling and resolving security issues head on, and we value the crucial role security researchers play in helping us improve our products and services.

Guidelines For Responsible Disclosure

At Strivacity, we promise to investigate all reports of security issues and work quickly to address verifiable vulnerabilities.
Once we verify and address an uncovered issue, all we ask is you give us the opportunity to provide our customers with a fix before releasing any information publicly.
As we work together toward resolution, we will give you full public acknowledgement for helping improve the security of our offerings.

Excluded Issues

Unless you are able to demonstrate an issue which results in a chained attack with a high impact, we ask that you do not report to us any of the following issues:
1) Issues exploitable through clickjacking
2) Missing HTTP security headers
3) HTTP 404 codes/pages or other HTTP non-200 codes/pages
4) The OPTIONS / TRACE HTTP method enabled
5) Anti-MIME-Sniffing header X-Content-Type-Options
6) Username, email address or phone number discovery via a Login page error message
7) Username, email address or phone number via Forgotten Password error message
8) Error messages (e.g. Stack Traces, application or server errors)
9) Disclosure of known public files or directories (e.g. robots.txt)
10) Clickjacking and issues only exploitable through clickjacking
11) CSRF on forms that are available to anonymous visitors
12) Logout Cross-Site Request Forgery (logout CSRF)
13) Remember my device or Remember my username functionality
14) Lack of Secure and HttpOnly cookie flags
15) Lack of Security Speedbump when leaving the site
16) SSL Attacks such as BEAST, BREACH, Renegotiation attack
17) SSL Forward secrecy not enabled
18) SSL Insecure cipher suites
19) The Anti-MIME-Sniffing header X-Content-Type-Options
20) Spam related issues such as DMARC

Ready To Tell Us About A Security Issue?

First and foremost, please wait until we have acknowledged and fixed the issue before publicizing - for example, posting it to a public forum, sharing it on social media, and/or presenting it as part of a conference talk. We take the security and privacy of our customers extremely seriously, and their protection is of the utmost importance.
When you’re ready to report a security issue, please email us at [email protected]. If you can, utilize our PGP key below.
Our PGP fingerprint is: CB4C 7C3D 3586 425B F7FB 4B01 500D 02FC AFDA 582F
In your email, please provide the following:
1) A detailed description relaying the steps to reproduce the vulnerability, as well as exactly where in the process the vulnerability is found
2) A classification of the vulnerability using NIST Common Vulnerability Scoring System (CVSS) - while this information is helpful to us, it is not required if you’re unable to provide it

Strivacity PGP Public Key
