Welcome to FusionFabric.cloud Responsible Disclosure
At Finastra, the safety of the data on our systems is at the heart of everything we do. We actively encourage everyone who believes they have found a vulnerability in our systems to report the issue to us in line with the following guidelines. Your report will be submitted to our Responsible Disclosure Program, managed by Synack.
Responsible Disclosure Guidelines
The following Finastra web services are in scope:
Rules of Engagement
Please read the following rules before reporting a vulnerability:
- Do not put any data on our systems at risk
- No Denial of Service testing
- No Physical or Social Engineering
- No uploading of any vulnerability or content to third-party utilities (e.g. GitHub, Dropbox, YouTube)
- If able to gain access to a system, accounts, users, or user data, stop at point of recognition and report. Do not dive deeper to determine how much more is accessible.
- When documenting a vulnerability, if a vulnerability is public, please make sure it is discreet and doesn't identify the client.
If you do not follow these Rules of Engagement your actions will be treated as an attack and not a Security Disclosure. We may take action against any attacks, including reporting them to the police.
What to Report
- OWASP Top 10 vulnerability categories
- Other vulnerabilities with demonstrated impact
What not to Report
- Theoretical vulnerabilities
- Informational disclosure of non-sensitive data
- Low impact session management issues
- Self XSS (user defined payload)
For a full list of program scope please visit the Responsible Disclosure details page.
Terms and Conditions
The following terms and conditions apply and you have to fully comply with those terms at all times.
- These Responsible Disclosure Guidelines
- The Terms of Service