At Al Amal Physical Therapy Center, we are committed to maintaining the security and privacy of our users. We understand the importance of addressing vulnerabilities promptly and effectively. This Coordinated Disclosure Policy outlines how we handle security vulnerabilities reported by security researchers, users, and other parties. We encourage responsible disclosure to ensure the security of our systems and the protection of our users.
1. Purpose
The purpose of this policy is to establish a collaborative and transparent process for security researchers to report vulnerabilities, ensuring the following:
- Timely and effective resolution of security vulnerabilities.
- Protection of user privacy and data.
- Recognition of contributors for responsible disclosure.
2. Reporting a Vulnerability
If you have discovered a potential security vulnerability in Al Amal Physical Therapy Center products, services, or infrastructure, we encourage you to report it to us through the following channels:
- Email: Mail.
- Web Form: Contact Us.
When submitting a report, please include the following information:
- A clear description of the vulnerability, including its location (URLs, endpoints, etc.).
- Steps to reproduce the issue, if possible.
- Any potential impact or risk associated with the vulnerability.
- Any recommendations or mitigation strategies, if known.
3. Our Commitment
Once we receive your vulnerability report, we will follow these steps:
- Acknowledge Receipt: We will confirm the receipt of your report within 48 hours and provide an estimated timeline for resolution, if applicable.
- Investigation: Our security team will investigate the reported issue to determine its severity, impact, and scope.
- Resolution: If a vulnerability is confirmed, we will work to resolve the issue as quickly as possible. This may include deploying patches, updates, or other mitigation strategies.
- Disclosure: Once the vulnerability is resolved, we will work with you to coordinate the public disclosure of the issue. We will acknowledge your contribution to responsible disclosure if you would like to be credited publicly.
- Timely Updates: We will provide updates during the resolution process, especially if there are any delays.
4. Responsible Disclosure Guidelines
We ask that all reports adhere to the following guidelines:
- Avoid Exploitation: Please refrain from using the vulnerability to exploit, damage, or disrupt our services or users.
- Minimize Impact: If possible, avoid causing any disruption to our users while discovering or reporting the vulnerability.
- No Public Disclosure: Please do not disclose the vulnerability publicly until we have had a chance to assess, mitigate, and fix the issue. This allows us to implement necessary security measures and protect users from potential attacks.
5. Rewards and Recognition
We recognize the valuable contributions of security researchers in improving our security posture. We offer the following forms of recognition:
- Acknowledgment: We will credit you for your responsible disclosure if you wish to be publicly acknowledged.
Although we do not currently have a bug bounty program for our products, services, or infrastructure, we certainly prioritize security and are dedicated to the friendly, coordinated disclosure of security vulnerabilities and issues.
6. Security Best Practices for Researchers
We encourage security researchers to follow best practices when reporting vulnerabilities:
- Ensure the use of secure communication channels, such as PGP encryption, when transmitting sensitive information. This can be achieved by arranging for secure channels or employing alternative secure methods.
- Do not perform denial-of-service (DoS) or other disruptive attacks while researching vulnerabilities.
- Test vulnerabilities in a controlled environment and avoid affecting production systems.
7. Our Security Team’s Role
Our internal security team is responsible for:
- Reviewing and validating reported vulnerabilities.
- Fixing and patching vulnerabilities in a timely manner.
- Communicating with researchers and providing updates on the status of the vulnerability.
- Coordinating public disclosure once the issue is resolved.
8. Legal Safe Harbor
We value the time and effort dedicated to identifying and reporting vulnerabilities. Our commitment to the responsible disclosure process ensures that we will not pursue legal action against researchers acting in good faith. We further encourage researchers to adhere to ethical hacking guidelines. As long as the following conditions are met:
- The vulnerability is reported in accordance with this Coordinated Disclosure Policy.
- No data is compromised, deleted, or modified during the discovery and reporting process.
- The testing does not cause damage or downtime to our systems.
We will work with you to address the issue and ensure a safe environment for both researchers and our users.
9. Exclusions
This policy does not apply to:
- Third-Party Services: Vulnerabilities in third-party services or tools used by Al Amal Physical Therapy Center are not covered by this policy. Please report those issues directly to the third-party provider.
- Public-Facing Services: Vulnerabilities related to third-party public-facing services (e.g., social media platforms, CDN providers) should be reported to their respective security teams.
10. Contact Us
If you have any questions about this Coordinated Disclosure Policy or need further clarification, please do not hesitate to contact us at:
- Security Team Email: Mail.
Final Thoughts
Thank you for your cooperation in helping us maintain a secure environment. We are dedicated to responding to vulnerabilities in a timely and responsible manner. Your contribution is invaluable in protecting our users and ensuring that Al Amal Physical Therapy Center remains secure.