How to Submit a Responsible Disclosure

27 users found this article helpful

Parallels is committed to maintaining the security of our systems, products and customer’s information. We investigate all legitimate submissions in a timely manner and fix issues based on criticality factors and our release cycle once verified.

 

Responsible Disclosure Program Submission Policy

 

Submissions shall meet the following requirements:

 

Non-valid Submissions

 

Certain submissions are not valid for Parallels’ Responsible Disclosure program:

  1. Submissions using PGP or password protected.
  2. Requests for payments inclusive of PayPal/Cryptocurrency or other non-traceable monetary exchange systems.
  3. Anonymous e-mail addresses that cannot be verified.
  4. Submissions related to Application/service owned, managed or hosted by a third-party. 
  5. Submissions where CVSS scoring is incomplete, thereby rendering the overall score inaccurate
  6. Submissions resulting from unsolicited scanning of our infrastructure.
  7. Submissions resulting unsolicited scans of our products.
  8. A submission combining more than one vulnerability.
  9. Submissions related to: Clickjacking, Tab nabbing, Weak Ciphers, UI Redressing, Hyperlink Injection,  and Certificate Authority.
  10. Submissions from sanctioned counties, nor a person on, or working on behalf of a party identified on any disinterested list maintained by the United States, Canada, Ireland, German, Malta or Swiss governments.
  11. Submitters providing covered information such as: credit card or bank account numbers.

 

This policy is in line with our desire to improve overall Internet safety.  Parallels does not waive any rights or claims with respect to activities that are in violation of the law or could be interpreted as such.

 

Submissions meeting the above requirements may be sent to: security@parallels.com.  If your submission meets all requirements and is valid, we will follow-up with you, otherwise consider the matter closed with no further communication.

 

Parallels thanks security researchers who facilitate new long-term research and development of techniques, products, and processes for avoiding or mitigating vulnerabilities.

Was this article helpful?

Tell us how we can improve it.