Syncfusion is committed to the privacy, safety, and security of our customers.
Syncfusion aims to keep its service safe for everyone, and data security is of the utmost priority. If you are a security researcher and have discovered a security vulnerability in our product, website, or service, we appreciate your help in disclosing it to us in a responsible manner.
This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.
If you feel your account may have been compromised, or if you suspect fraudulent behavior, do not hesitate to contact our support team. Your issue will be investigated immediately and thoroughly.
Under this policy, “research” means activities in which you:
Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.
The following test methods are not authorized:
If you think you’ve found a security vulnerability in BoldDesk, contact us immediately via firstname.lastname@example.org.
We will investigate all legitimate reports and make every effort to quickly correct any vulnerability. We ask in return that you:
Syncfusion does not typically offer a reward for the disclosure of security issues. We reserve the right to acknowledge your contribution in a manner we see fit.
Syncfusion uses a number of third-party providers and services. Our bug bounty program does not give you permission to perform security testing on their systems. Vulnerabilities in third-party systems will be assessed case-by-case, and party if needed.
Low severity, purely theoretical and best-practice issues do not qualify for submission. Here are some examples:
To help us triage and prioritize submissions, we recommend that your reports:
If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized, we will work with you to understand and resolve the issue quickly, and Syncfusion will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.