Responsible Disclosure For Security Vulnerabilities

Oviva is committed to maintaining the security of our products, services, and customer information. If you have discovered a potential security vulnerability in any of our offerings, please submit a vulnerability report to security@oviva.com. Please do not publicly disclose this information without contacting us first. Our security team will reach out to you once the vulnerability report is received.

Our Principles

  • We commit to acknowledging receipt of the vulnerability report within 48 business hours.
  • We will work together with you to understand the severity of the issue and estimate the timelines for disclosure.
  • We will notify you when the vulnerability has been fixed, so that further testing can be done to confirm the remediation.
  • We will provide public acknowledgement and credit for your responsible disclosure, if required.

Submission Format

When reporting a potential vulnerability, please include a detailed summary of the vulnerability. This includes:

  • The target service / product.
  • The exact type of vulnerability and clear instructions to identify it.
  • Clear step-by-step instructions to potentially exploit the vulnerability.
  • Additional information and artefacts such as the tools required, PoC scripts, screenshots, etc.

Our Expectations

We expect you to follow our responsible disclosure guidelines, as follows:

  • Allow Oviva an opportunity to correct the vulnerability within a reasonable time frame (default of 90 days) before publicly disclosing the identified issue.
  • Make a good faith effort to avoid privacy violations as well as destruction, interruption or segregation of our services.
  • Do not download, modify or destroy data that does not belong to you.
  • Do not use social engineering, attacks on physical security, distributed denial of service, or spam.

Feedback

If you wish to provide feedback or suggestions on this policy, please contact us at: security@oviva.com. This policy is bound to evolve over time, and your input is valuable to ensure that it is clear, complete and remains relevant.