|
The Forrester Wave™: Supplier Value Management Platforms, Q3 2024 See Report
At Ivalua, while we do not give permission to actively audit our infrastructure, we do encourage responsible disclosure of any vulnerabilities that may be found in our systems or applications. These guidelines provide guidance on how to disclose vulnerabilities responsibly and outlines what you can expect from us in terms of a response.
These guidelines apply to any digital assets owned, operated, or maintained by Ivalua, including, but not limited to, websites, applications, and databases. No authorization is given with respect to the activities described below as excluded (see “Exclusions”).
These guidelines do not apply to existing Ivalua customers or Authorized Users. If you are an Authorized User, vulnerability security testing and disclosure rights and restrictions are only as expressly set forth in your Organization’s agreement with Ivalua.
To disclose a security vulnerability, please follow these steps:
These guidelines do not constitute a waiver of any rights Ivalua would have under applicable law. Please be advised that engaging in testing or encouraging others to test a third-party’s systems without permission is generally considered unauthorized access under various laws, such as the Computer Fraud and Abuse Act (CFAA) in the United States and similar laws in other jurisdictions. This can lead to criminal and civil liabilities for both the organizers and the participants of any form of unauthorized security testing.
As a consequence, the following testing methods are not authorized:
For any reporting and/or questions regarding this policy or the reporting process, please contact [email protected].