Vulnerability Disclosure Policy
IM Space is committed to provide the best safety and security for customers that uses our products and services. We are aware and constantly on a lookout for the ever-changing security threats and solutions to safeguard our products against it. As such, IM Space is now formalizing our policy to accept vulnerability reports for our products. We hope to foster a partnership with the community, and recognize that the work the community does is an important one.
Any information that supply is will be of great help to the team and we promise to use these information that to resolve any identified security vulnerabilities.
​
When submitting reports of vulnerability findings, please ensure the following procedures and guidelines are followed, for a safer and more efficient support.
Guidelines
We require that all researchers:
​
1. Make every effort possible to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
2. Receive permission/consent from customers before engaging in vulnerability testing against their devices/software.
3. Adhere to the laws of their location and the location of IM Space.
4. Use only the identified communication channel provided below for vulnerability reporting as stated in this policy.
5. Refrain from including sensitive personal information in any screenshots or any other attachments you provide to us.
6. Do not take advantage of the vulnerability you have discovered.
7. Remain communicative and cooperative as we work together through this process.
​
If you follow these guidelines accordingly, we will commit to:
​
1. Not pursue or support any legal action related to your research to a vulnerability.
2. Work with you to understand and resolve the issues associated with the vulnerability.
3. Recognise your contribution and make the product modification change based on the reported vulnerability.
How to submit a vulnerability:
​
To submit a vulnerability report to IM Space’s product security team, please fill the form here: Vulnerability Report Form
Security Vulnerability report assessment and action:
After submitting the report, you can expect the following from IM Space:
​
1. IM Space will acknowledge receiving your report within 7 business days.
2. Verify the reported vulnerability.
3. IM Space will provide you a unique tracking number for your report.
4. IM Space will keep you informed on the status on the report.
5. IM Space will request for any additional information that may be required for us to investigate.
6. Release the patches or security fixes accordingly, and uploading the patch notes on our website as well as in our dedicated app to inform users.
7. Notify you directly when the fix is complete.
8. In any case that IM Space is unable to resolve the issue, we may bring in a neutral third party to assist and determine how best to handle the vulnerability.
Additionally:
​
If you decide to share any information with IM Space, you agree that the information you submit will be considered as non-proprietary and non-confidential and that IM space is allowed to use said information in any manner without restriction. In addition, you agree that submitting information does not create any rights for you or your organisation or any obligation for IM Space.