Security Vulnerability Reporting Policy

Mimosa values the work done by security researchers in improving the security of our products and service offerings. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process.

If you are a security researcher and would like to report a security vulnerability, please send an email to: sirt@mimosa.co.

Please provide your name, contact information, and company name (if applicable) with each report. Priority will be granted to encrypted reports – please include your PGP public key with such reports.


-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

mQENBFW9g18BCADKQ4pGnC8Ee/NZ7X07dS++rdVESzVmTSjPjQaLFDa1n8+Pmyur 2YpAPblPmiLQmI6dWtUepHvcNufDdK2RMgboBUwBhFwr+6jlAf6mIyPSFNP5btKf 0e1aqUvWMC6hk1xThioq6bz0Ryo285SXPTsWgLRxpSnCnkh6dH/P5vBRPaxWvluq wEAmpa7XCQLxzZ1PWhiRoKfN6XrfQK4nlst5P+297Tv9VxO1mwiLiwFhBhWVf+li wP66AbiFuNESn5JSyitzTxWopXiebmyY8Wd8trtmqXbHSjqnxI0l5mE5oM0JI3tJ hEKVln7sMpMNjTYJp2MwEt8eNtClfh3mjguZABEBAAG0KE1pbW9zYVNpcnQgKE1p bW9zIFNJUlQpIDxzaXJ0QG1pbW9zYS5jbz6JAT0EEwEKACcFAlW9g18CGwMFCQeG H4AFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQbow/2dlVckHChQf/ScndugIB DJZ7rKE1OnT9qo/QOMMM4+5aQ69wBb5Cd4pUrI+ojaq7FJL7nWxfopNEOCRuu21P UiwYSW+ZGiKRR8qtfIrGEWnlv2FFMOz4KCnIhJFH67nO1KVgx4GipoR2vwHyYyWj +BXPLs5RiAGIQjocYg8PEwoy/a/L8F0onnfsN/ue9aY1CaOP1G3IwvSPya5yBTRI kmCP0cEF+Q80VnUEqT8oRvEH4N+YIzEhy+v0vWE/yrmrc/81XiveuqovSypEVtvl Tw/5gSFPpNJEzujvvhVdS+phxOnaXWAEk7w76F1ALa3254CUisRA4NbyrZhp2Ccb ooSR6akc806G3rkBDQRVvYNfAQgA8D/3KgrpW0d0AcDXOIrxcycCVnqukcPH7bjj CFuN6JxuxJ7vtpqiaRuhvRiOYLjEi+I5KQBe0ZD1dkpmaNhoGhlfDLMX3tqasGNr rBm8FH1FExjS+XqBwxPPYqrZ8dsMS01qaanpSIS1qT6pHn/C+EpdqMiFPIU5clBQ 1ExkGpIp+WmCjqzJoLJiRibiZkAvw6dzmb+7F3D+UH7YKizTVPGT2rUEZl8CZktB 5pzO7RUIzih6TFK2xR+4K7VL4mQOPdA+FW5FEwzP5pq3RuDD4Q0hwrdx+RFAgjAc eLMKm/y1WamXVIQaYrLa0+n2sUhbG/PD74eG5wM2xvVUL3A7qwARAQABiQElBBgB CgAPBQJVvYNfAhsMBQkHhh+AAAoJEG6MP9nZVXJBLwYIAJN4kNL8UBZrHVOnOKD/ g4H3zNOTav2lb01u+T0/rwOMqF109zC49vCcvHqCF4HEEknMyQG1PnUQFeXONXCj zX1W0hSWAv25eEDNajSXGwd8ab6GnNCLydHLcbkelJzGV6bPZt6iDvLSYv6oDY5O 4Pm4ixONjE1o0yAJ0muEZoqrqIq8uBEjPVfdpLc3a6cr/21EpAJQfrlPI6xbgqh9 GBeoywQNewedEhEK25wLQcEEG8EsGUJ2ZleUM522A89EDqnCI2ZOXZtbuno/31TH /3twGhlrhelvy0CdysbV6eD6kf17Snp0nDnTGAn4S3kJLOiP2nYH15HSeqW57vT2 0SE= =YlAV

-----END PGP PUBLIC KEY BLOCK-----


Responsible Disclosure Guidelines

We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we commit that we will not take legal action against you or ask law enforcement to investigate you if you comply with the following Responsible Disclosure Guidelines:

  • Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC);
  • Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our services;
  • Do not modify or access data that does not belong to you;
  • Give us a reasonable time to correct the issue before making any information public.

We will attempt to respond to your report within 1-2 business days.



Legal Documentation