Vulnerability Disclosure Policy

1. Introduction

IASME are committed to addressing and reporting security issues through a coordinated and constructive approach designed to provide the greatest protection for IASME customers, partners, staff and all Internet users. This policy applies to vulnerabilities discovered anywhere by IASME staff and by others in IASME services.

2. Reporting security issues

If you believe you have discovered a vulnerability in a IASME service or have a security incident to report, please email us at [email protected] or fill out this contact form: contact us. We appreciate the use of the Common Vulnerability Scoring System: https://www.first.org/cvss/calculator/3.1.

Once we have received a vulnerability report, IASME takes a series of steps to address the issue:

IASME requests the reporter keep any communication regarding the vulnerability confidential.
IASME investigates and verifies the vulnerability.
IASME addresses the vulnerability and releases an update or patch within 90 days. If for some reason this cannot be done within this timeframe or at all, IASME will provide information on recommended mitigations.
IASME publicly announces the vulnerability in the release notes of the update. IASME may also issue additional public announcements, for example via social media.
Release notes (and blog posts when issued) include a reference to the person/people who reported the vulnerability, unless the reporter(s) would prefer to stay anonymous.

IASME will endeavour to keep the reporter apprised of every step in this process as it occurs. We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our services, and better protect our customers. Thank you for working with us through the above process.

3. Security issues found by IASME

Once we have found a vulnerability in another vendor’s products, IASME takes a series of steps to address the issue:

IASME will convene their vulnerability analysis team. This team, lead by the CTO, is solely responsible for determining the severity of the vulnerability and managing the disclosure process.
IASME will keep any communication confidential regarding the vulnerability until the completion of the disclosure process.
IASME will attempt to contact the appropriate product vendor by email and telephone.
IASME will provide the vulnerability details to the vendor.

IASME will prepare and publish an advisory detailing the vulnerability at least 90 days after initial attempts at disclosure at stage 2 above, barring extenuating circumstances. This advisory will be made available to the general public via IASME’s social media.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Analytics" category.
cookielawinfo-checkbox-functional	1 year	The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category.
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
enforce_policy	1 year	PayPal sets this cookie for secure transactions.
iasme_country	1 month	Used to store geographical location.
sc_f	1 year 1 month 4 days	PayPal sets this cookie when a website is in association with PayPal's payment function.
ts	1 year 1 month 4 days	PayPal sets this cookie to enable secure transactions through PayPal.
ts_c	1 year 1 month 4 days	PayPal sets this cookie to make safe payments through PayPal.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
LANG	9 hours	Linkedin set this cookie to set user's preferred language.
nsid	session	PayPal sets this cookie to enable the PayPal payment service on the website.
tsrce	3 days	PayPal sets this cookie to enable the PayPal payment service on the website.
x-pp-s	session	PayPal sets this cookie to process payments on the site.

Vulnerability Disclosure Policy

Select your location