Vulnerability Disclosure Policy

We take security, trust, and transparency seriously. Hiver appreciates the work of security researchers and has developed a program to make it easier to report vulnerabilities to Hiver and to recognize you for your effort to make the Internet a better place. This policy provides our guidelines for reporting vulnerabilities to Hiver.

Disclosure Policy

  1. If you believe you have found a security vulnerability that could impact Hiver or our users, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
  2. Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
  3. If you believe you have discovered a vulnerability in a Hiver product or have a security incident to report, please email us to security@hiverhq.com.
  4. Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.

Exclusions

The following conditions are out of scope for the vulnerability disclosure program. Any of the activities below will result in disqualification from the program permanently.

  1. Physical attacks against Hiver employees, offices, and data centers.
  2. Social engineering of Hiver employees, contractors, vendors, or service providers.
  3. Knowingly posting, transmitting, uploading, linking to, or sending any malware.
  4. Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
  5. Any vulnerability obtained through the compromise of a Hiver customer or employee accounts. If you need to test a vulnerability, please create a free account.
  6. Being an individual on, or residing in any country on, any U.S. sanctions lists.
  7. Denial of service.
  8. Brute Force attacks.
  9. Issues found through automated testing.
  10. Content Spoofing.
  11. Version number information disclosure.

Rewards

We are creating a Hall of Fame for all the security researchers who have helped us to make Hiver a more secure service.