Vulnerability Disclosure Policy
Greenlight Information Services, LLC. is committed to cybersecurity, which is why we are proud members of the Cybersecurity Tech Accord
Greenlight does not develop its own software, but we do provide a multitude of software solutions from third parties. While we count on those third parties to disclose their own vulnerabilities, we do invite our customers and users of these software solutions to report any vulnerabilities to us. The Greenlight team follows a strict process for managing these reports, and for reporting these vulnerabilities to our third-party software vendors.
To report a potential vulnerability with any solutions provided by Greenlight, send an email to support [at] greenlight-is [dot] com
In the subject line, use the keyword “vulnerability”
Provide all details you have regarding the potential vulnerability in the body of the email
If possible, provide detailed instructions in order to produce a result which would reveal the vulnerability
Upon receipt of this email, the Greenlight team will follow our internal procedures to validate the reported vulnerability, and then will report this vulnerability to the relevant third party software vendor(s). The Greenlight team will provide updates via email to the reporter throughout the lifecycle of the issue and until its resolution. The reporter will receive confirmation either from Greenlight or directly from the third-party software vendor(s) when the vulnerability has been resolved.
We at Greenlight appreciate and welcome any relevant vulnerability reports, and will remain transparent throughout the entire process.
Greenlight does not participate in any rewards programs or bounties for such reports.