Customers
We take care of our customers. Check out these agreements if you use our products and services.
Website Visitors
That’s you! Learn more about how we protect your privacy as your browse our website.
Partners
We love working with you! These agreements lay the foundation for our various partner programs.
Responsible Disclosure Program
Welcome to servis.ai’s Vulnerability Disclosure Program! If you believe you have discovered a security vulnerability in servis.ai products or have experienced a security incident related to servis.ai products, please report the issue to aid in its resolution. Below, you will be able to find further information regarding submitting a security bug.
Reporting a Potential Security Vulnerability
If you wish to report any suspected vulnerability, please privately share full details of the suspected vulnerability via the submission form. Please refer to the Security related information and guidance below before submitting a new vulnerability.
Responsible Disclosure Program Guidelines
Please do:
- Do Privately Share: Confidentially communicate the identified potential security flaw to servis.ai before making it known to external parties or the general public.
- Do Provide Comprehensive Details: Present a comprehensive, step-by-step account of the detected security vulnerability, along with intricate specifics about the implicated technology. This enables servis.ai to replicate and validate the issue for the purpose of implementing a remedy.
- Do Wait for Confirmation: Await acknowledgement from the servis.ai security team regarding the successful resolution of the reported security vulnerability. As the resolution duration may vary depending on the complexity, sustaining an open channel of communication and establishing feasible remediation timelines is crucial.
- Do Report OWASP Top 10: Submit reports for any vulnerabilities that fall within the OWASP Top 10 vulnerability categories.
- Do Report Impactful Vulnerabilities: Disclose all other vulnerabilities that exhibit a demonstrable impact on servis.ai or the security of servis.ai’s clientele, encompassing instances involving the exposure of sensitive data.
Please do not:
- Don’t Cause Harm: Engage in any activity, intentional or otherwise, that may potentially harm servis.ai, its clients, systems, users, or applications.
- Don’t Exploit: Attempt to exploit any identified security loophole.
- Don’t Access Sensitive Data: Gain unauthorized access to, or make an effort to access, sensitive data.
- Don’t Probe Further: Try to exhibit further compromise of sensitive data or initiating exploratory actions to uncover supplementary vulnerabilities.
- Don’t Execute Harmful Actions: Execute or endeavor to execute actions such as DoS attacks, Spam attacks, Brute Force attacks, and similar methodologies that could influence the confidentiality, integrity, or availability of servis.ai’s systems or data.
- Don’t Engage in Unauthorized Activities: Conduct any form of physical, electronic, or social engineering attacks targeting servis.ai’s personnel, contractors, assets, or data centers.
- Don’t Violate Laws or Agreements: Violate any legal statutes or breach agreements in order to uncover security vulnerabilities./
Disclosure
servis.ai requests that you do not publicly disclose any information regarding the vulnerability until it has had the opportunity to analyze the vulnerability, to respond to the notification, and to notify key users, customers, and partners.
The amount of time required to validate a reported vulnerability depends on the complexity and severity of the issue. servis.ai takes all required security vulnerabilities very seriously and will always ensure that there is a clear and open channel of communication with the reporter. After validating an issue, servis.ai coordinates public disclosure of the issue with the reporter in a mutually agreed timeframe and format.
servis.ai Security Team Commitment
The servis.ai security team will thank all security researchers who help strengthen our product and corporate infrastructure, as well as our and our customers’ security, by finding and reporting security vulnerabilities to us via our Responsible Disclosure Program.
FAQ
What all things I can report to servis.ai?
You may report any bugs in relation to user experience, unexpected errors and any issues which you see as Privacy & Security concerns.
You can also report any rogue or phishing website, phishing email, sms phishing (SMiShing) and voice phishing (Vishing) associated with the servis.ai brand.
If you suspect you already provided sensitive information to scammers on Call/SMS/Email/Website such as ID, Password or any other information related to servis.ai, then you may report the incident directly at incident@freeagentsoftware.com, immediately.
Is it authorized to perform vulnerability scanning on any of the infrastructure associated with servis.ai ?
No, not as on date. servis.ai currently doesn’t authorize any vulnerability assessment and related activities against its infrastructure without formal engagement; only authorized consultants and researchers with Non-disclosure Agreement in place can scan the servis.ai infrastructure for an approved period as per agreement.
Is it authorized to make a public post about the bugs I have discovered and/or reported on the servis.ai Information System?
No, currently servis.ai does not authorize posting of Bugs associated with the servis.ai information System on any forums, blogs, social media etc.
What is considered an unauthorized act and what are its implications?
Any unauthorized attempt to identify a vulnerability in any part of servis.ai Information Infrastructure will be considered as an unauthorized act. Unauthorized acts include but are not limited to scanning, hacking attempts, source code theft, disclosure of confidential information, hosting phishing pages, phishing scam and Identity impersonation of servis.ai personnel. An unauthorized act may attract appropriate disciplinary action at the sole discretion of the management.
Is there any associated reward for reporting bugs or servis.ai has a plan to introduce one in future?
While servis.ai is not currently offering a bug bounty, it is on the roadmap. The launch of such a program will be announced officially through an update on this page. However, as an exception to the ongoing roadmap, based on the severity of the reported bug/security issue, the company may make an internal decision on whether the vulnerability qualifies for a bounty.