Updated on September 23, 2024

Security Policy

Introduction

At Pando RWA Inc. (Pando), the security of our systems and the protection of customer data are top priorities. We are committed to maintaining a strong security posture and appreciate the efforts of the security community in identifying vulnerabilities. This policy outlines the guidelines for reporting vulnerabilities and how we handle such reports.

Reporting a Vulnerability

If you believe you’ve discovered a security vulnerability in our services, we encourage you to report it to us in a responsible manner. Please follow these steps:

  • Email Us: Send a detailed report to our security team at se******@pa*******.com.

  • Provide Information: Include a clear description of the vulnerability, steps to reproduce it, and any supporting details that will help us investigate.

  • Sensitive Information: If necessary, please use our PGP key to encrypt any sensitive information before sharing. You can find our PGP key here.

What to Expect

Once a vulnerability report is submitted, we will:

  1. Acknowledge receipt of your report within 72 hours and begin an investigation.

  2. Work with you to understand the scope and impact of the issue.

  3. Keep you informed of our progress and when we expect the issue to be resolved.

  4. Credit you on our acknowledgements page, if you wish to be recognized, once the vulnerability is confirmed and remediated.

Responsible Disclosure Guidelines

To ensure a responsible and ethical disclosure process, we ask that you:

  • Do not publicly disclose any details about the vulnerability until we’ve had an opportunity to investigate and mitigate the issue.

  • Avoid exploiting the vulnerability beyond what is necessary to demonstrate its existence.

  • Do not access or modify data belonging to others without explicit consent.

  • Respect our systems and avoid causing any disruptions to our services while testing.

Scope of Our Program

In Scope

This security policy covers vulnerabilities in services owned or operated by Pando, including:
www.pandoalts.com in**@pa*******.com

  • Web applications

  • APIs

  • Cloud infrastructure

  • Internal systems

Out of Scope

Issues related to third-party services, denial-of-service attacks, and social engineering (phishing) attempts are not authorized as part of this program.

Legal Safe Harbor

We will not pursue legal action against individuals who, in good faith, discover and report security vulnerabilities in accordance with this policy. However, if you violate any laws or act outside the bounds of responsible disclosure, we may take necessary action to protect our systems and customers.

Our Commitment

We are dedicated to ensuring the safety and security of our systems. Vulnerability reports are treated with the highest priority, and we aim to address valid issues promptly.

Acknowledgements

We value the contributions of the security community. If you’d like to be acknowledged for your efforts, please let us know, and we will recognize your contribution on our security acknowledgements page.

This policy was last updated on: September 26, 2024.