Vulnerability Disclosure Policy

Overview

This policy gives security researchers a point of contact to directly submit their research findings if they believe they have found a potential security vulnerability within Ailo Pay Pty Ltd products or systems (i.e our website, mobile apps, technology platform, customer portals etc)

Purpose

The security of our systems is a top priority and we take every care to keep them secure.

We are keen to engage with the security community. This policy allows security researchers to share their findings with us. If you think you have found a potential vulnerability in one of our systems, services or products, please tell us as quickly as possible.

We will not compensate you for finding potential or confirmed vulnerabilities.

Scope

This policy covers the sharing of security vulnerability findings on:

any product or service wholly owned by Ailo Pay Pty Ltd to which you have lawful access

This policy does not cover security researchers or others who attempt to undertake:

clickjacking
social engineering or phishing
weak or insecure SSL ciphers and certificates
denial of service (DoS)
physical attacks
to modify or destroy data

Policy

How to report a vulnerability

To report a vulnerability, email vulnerabilitydisclosure@ailo.io

Include enough detail so we can reproduce your steps.

If you report a vulnerability under this policy, you must keep it confidential. Do not make your research public until we have finished investigating and fixed or mitigated the vulnerability.

What happens next

We will:

respond to your report
endeavour to keep you informed of our progress
agree upon a date for public disclosure if required