Legal

Security

Our vulnerability disclosure policy and how to responsibly report a security issue to the Tazio team.

Last updated 29 July 2024

Vulnerability Disclosure Policy

Tazio Online Media Limited (Tazio) are committed to addressing and reporting security issues through a coordinated and constructive approach designed to provide the greatest protection for Tazio customers, partners, staff and all Internet users.

A security vulnerability is a weakness in our systems or services that may compromise their security. This policy applies to security vulnerabilities discovered anywhere by both Tazio staff and by others using Tazio services. The responsibility for this policy is with the senior management team of Tazio who will review it on an annual process. All day-to-day staff must follow this policy and will receive regular training on how to follow it.

Reporting Vulnerabilities

If you believe you have discovered a vulnerability in one of our services or have a security incident to report, please email [email protected].

Once we have received a vulnerability report, Tazio takes a series of steps to address the issue:

  • We will provide prompt acknowledgement of receipt of your report of the vulnerability.
  • We request the reporter keep any communication regarding the vulnerability confidential.
  • We will work with you to understand and investigate the vulnerability.
  • We will provide a timeframe for addressing the vulnerability.
  • We will notify you once the vulnerability has been resolved, to allow retesting by the reporter if needed.

Tazio will endeavour to keep the reporter apprised of every step in this process as it occurs.

Responsible Disclosure

We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our services, and better protect our customers. In line with general responsible disclosure good practice, we ask that security researchers:

  • Allow Tazio an opportunity to correct a vulnerability within a reasonable time period before publicly disclosing the identified issue.
  • Provide sufficient detail about the vulnerability to allow us to investigate successfully including steps required to reproduce the issue.
  • Use the Common Vulnerability Scoring System when reporting a vulnerability.
  • Do not modify or delete data, or take actions that would impact on Tazio customers.
  • Do not carry out social engineering exercises or attempt to find weaknesses in the physical security of Tazio offices or other locations.