The purpose of this policy is to record the procedures of Ninija concerning communications with the media and Security Professionals in order to avoid selective or unlawful disclosure of non‐public Information.
The details contained in this policy represent a summary of the legal and regulatory provisions relating to the disclosure of information. It should therefore not be used as a substitute for specific legal advice.
Ninija company is the data controller for the following platforms/services:
Ninija Holdings Company.
All the above sites can be accessed from our corporate website www.ninija.org.
This responsible disclosure policy is applicable to customers or guests, namely a person who accessed or registers on the Ninija eCommerce platforms.
- Policy Statement
Ninija aims to keep information and data secured from unlawful disclosure or access.
If you are a security researcher and have discovered a security vulnerability or a suspected security vulnerability in any of our services, we appreciate your help in disclosing it to us in a responsible manner.
You can assist us by:
Ensuring that the vulnerability is not publicly disclosed before Ninija Company has had a reasonable period to fix the vulnerability Keep communication channels open to allow effective collaboration Use the provided communication channel to report all vulnerabilities
We will validate, respond and rectify vulnerabilities disclosed in accordance with our commitment to security and privacy.
Ninija company will not take legal action or suspend or terminate access to Services of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy.
Ninija reserves all its legal rights in the event of any non-compliance.
You may test only against an account for which you are the account owner, or any party authorized by the account owner to conduct such testing.
In no event are you permitted to access, download or modify data residing in any other account but your own.
You are also prohibited from:
executing or attempting to execute any Denial of Service attacks;knowingly posting, transmitting, uploading, linking to, sending or storing any Malicious Software; testing in a manner that would degrade the operation of the Services; testing third party applications or websites or services that integrate with or link to the Services.
- Guidelines for Reporting
We require that all security researchers use the identified communication channel provided (i.e. responsible disclose form on the website) to report all suspected vulnerability information to Ninija and keep all information found confidential.
Security researchers are to share the details of any suspected vulnerabilities with the Ninija Team by completing the Responsible Disclosure Form (below). Please do not publicly disclose these details without express written consent from Ninija Company.
If you choose to email us [email protected], encrypting your email is not required.
Changes to this Responsible Disclosure Policy
We may change this Responsible Disclosure Policy from time to time. If we make any changes, we will notify you by revising the version and date at the top of this Responsible Disclosure Policy, and, in some cases, where appropriate we may provide you with additional notice (such as adding a statement to the login screen or sending you an email notification). Your continued use of our Services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of this Policy.