Copyright © Fidelis Security. All rights reserved.
Fidelis Security, LLC (“Fidelis”) is deeply committed to the security of the products and services we deliver to our customers and welcomes feedback from customers, security researchers, and the general public to help us improve security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issues relating to Fidelis products and services, we want to hear from you. We only ask that you abide by our Responsible Disclosure policy and processes and provide Fidelis with the opportunity to investigate, resolve, and mitigate any confirmed security issues prior to public disclosure. This policy outlines the steps for performing compliant testing, reporting vulnerabilities to us, what we expect, and what you can expect from us.
This policy applies to the Fidelis products and services we deliver to our customers and the information contained within the networks, systems, and applications used to deliver those products and services. Specifically, it covers Fidelis Elevate Extended Detection and Response (XDR), Fidelis Network Detection and Response (NDR), Fidelis Endpoint Detection and Response (EDR), Fidelis Deception products, and Fidelis Insight threat intelligence and malware analysis services. As these are operational systems supporting our customers, vulnerability research associated with these products and services must be authorized by the owner, operator, licensee and/or subscription holder of the system or service being tested and must follow the ground rules and expectations outlined in this policy. For on-premises deployments of Fidelis products and services, testing must be authorized and approved by the licensee and/or subscription holder for the products being tested. For cloud-based (Software-as-a-Service) deployments and supporting services, vulnerability research must be authorized and approved by Fidelis. All other networks, systems, information, applications, products, or services owned, operated, or leased by Fidelis are considered out of scope with respect to this policy.
When working with us, according to this policy, you can expect us to:
In participating in our vulnerability disclosure program in good faith and to minimize risk to our customers, employees, and company, we ask that you:
When you conduct vulnerability research according to this policy, we consider that research to be:
You are expected, as always, to comply with all applicable laws and not to disrupt or compromise any data beyond what is permitted by this policy.
Note that the Safe Harbor applies only to legal claims under the control of the organization participating in this policy. If your security research involves the networks, systems, information, applications, products, or services of a third party (which is not us), we cannot bind that third party, and they may pursue legal action or law enforcement notice. We cannot and do not authorize security research in the name of other entities, and cannot in any way offer to defend, indemnify, or otherwise protect you from any third-party action based on your actions.