Contact Information
For urgent issues, you can also email us at security@rhebo.com. PGP key available [here]
Responsible disclosure policy
Our Commitment to Security
At Rhebo, we take the security of our products and services seriously. We value the contributions of security researchers and customers in helping us maintain a secure environment.
Reporting a Vulnerability
If you discover a security vulnerability in any Rhebo product or service, we ask that you:
- Report it promptly via our secure reporting form or by emailing security@rhebo.com.
- Provide sufficient details to reproduce the issue (e.g., product version, configuration, steps).
- Avoid exploiting the vulnerability or accessing data beyond what is necessary to demonstrate the issue.
- Do not publicly disclose the vulnerability before we have resolved it.
What We Promise
- Acknowledgment: We will confirm receipt of your report within 48 hours.
- Assessment: Our security team will investigate and validate the issue.
- Communication: We will keep you informed of progress and expected timelines.
- Recognition: If you wish, we will credit you in our security advisories once the issue is resolved.
Scope
This policy applies to vulnerabilities in Rhebo products, services, and associated infrastructure. It does not cover:
- Physical security issues
- Social engineering attacks
- Third-party products not managed by Rhebo
Legal Safe Harbor
If you follow this policy in good faith, Rhebo will not pursue legal action against you for your security research activities.
Thank You Your efforts help us protect critical infrastructure and improve the resilience of our solutions.