You found a security vulnerability in one of the Talarian products, and you want to report it to us. This article explains our policy in this respect and the procedure to report a security vulnerability you discovered in Form Publisher.
No technology is perfect, and Talarian believes that working with skilled security researchers worldwide is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in one of the Talarian products, we encourage you to notify us at secalert@talarian.io. We welcome working with you to resolve the issue promptly.
Let us know as soon as possible upon discovering a potential security issue, and we'll make every effort to resolve the issue quickly.
Talarian values the independent security research community members who find security vulnerabilities and work with us so that security fixes can be issued to all customers. Talarian's policy is to credit all researchers in the Release Notes when a fix for the reported security bug is issued. To receive credit, security researchers must follow this policy’s best practices, including:
- to only interact with accounts you own or with the explicit permission of the account holder
- to not disclose the vulnerability to the public or any third party before Talarian releasing a fix for it;
- to not disclose specifics of the issue, for example, through exploits or proof-of-concept code
- to refrain from causing any privacy violations, destruction of data, and interruption or degradation of our service.
Also, while researching, we'd like to ask you to refrain from:
- Denial of service
- Spamming
- Social engineering (including phishing) of our staff or contractors
- Any physical attempts against our property
Any activities conducted in a manner consistent with this policy will be considered authorized conduct, and we will not initiate legal action against you. Suppose legal action is undertaken by a third party against you regarding activities conducted in compliance with this policy. In that case, we will take steps to make it known that your actions were performed according to this policy.