Ideagen Luminate logo Ideagen Luminate logo
Navigation
Need help?
Send feedback
Sign in
This page does not meet FedRAMP security standards. Please avoid entering sensitive or classified information. Learn more
Learn more
Learn more

Looking for help?

Common queries

View all

Send us feedback

Before you start

This form is for Ideagen Luminate feedback only.

Your submission will not receive a response. To request solution support, open a ticket with us.

New article Recently updated

Understanding the vulnerability disclosure policy

By Abi Davies
  • Last updated
⌘ K
Search this article
Print this article
Who is this article for?

Users who want to understand the vulnerability disclosure policy.

No elevated permissions are required.

Understanding a company's vulnerability disclosure policy is crucial for security researchers and conscientious individuals who wish to report potential security issues responsibly. This article delves into the key components of a typical vulnerability disclosure policy, explaining its importance in fostering collaboration between organisations and the cybersecurity community to enhance overall digital security.

  1. Security and privacy commitment
  2. Reporting security issues
  3. Responsible disclosure guidelines
  4. Bug bounty programme
    1. Bug bounty scope
  5. Further reading

1. Security and privacy commitment

At Lucidity, we prioritise security and recognise the critical importance of privacy and data integrity for our users. We are committed to responsible disclosure to our customers and vendors regarding any security vulnerabilities.

2. Reporting security issues

If you discover a potential vulnerability in a Lucidity product or need to report a security incident, please contact us at: security@luciditysoftware.com.au.

3. Responsible disclosure guidelines

  1. Notify Lucidity with detailed information about the vulnerability.
  2. Allow a reasonable time frame for us to address the issue before public disclosure.
  3. Provide sufficient details to reproduce the issue, including target URLs, request/response pairs, and screenshots.
  4. We will confirm receipt, evaluate the issue's validity, and keep you informed of our progress on valid concerns.
  5. Avoid privacy violations, data destruction, or service disruptions during your investigation.
  6. Refrain from exploiting any security issues you discover.

4. Bug bounty programme

We value and reward security researchers who help protect our users by reporting vulnerabilities. Monetary rewards are at Lucidity's discretion, based on risk, impact, and other factors. To qualify for a bounty:

  1. Adhere to our Responsible Disclosure Policy.
  2. Report a valid security issue (Lucidity determines what constitutes a potential security vulnerability).
  3. Ensure your report falls within the accepted scope (defined below).
  4. Disclose any inadvertent privacy violations or service disruptions caused during your investigation.

Bounty amounts are determined based on factors including ease of exploit, potential risk, and other relevant considerations. In case of duplicate reports, the first reporter will receive the bounty.

4.1. Bug bounty scope

Included Domains:

  • *.integralcs.com
  • *.luciditysoftware.com.au

Excluded Domains:

  • *.ourintranet.net
  • *.intranet.integralcs.com
  • cruse.com.au
  • luciditysoftware.com.au

5. Further reading

What do you think about this article?

Your feedback helps us improve

More articles in this section

Looking for more help? Ask the Community

On this page