Payatu disclosure policy

At Payatu we take Security Research and Disclosures seriously. As we consume and work with many technologies, we often find security issues with them. We consider Responsible Disclosure our duty and work with Vendors through the process standardized under the Payatu Disclosure Policy Framework, with reference to ISO/IEC 29147.

Timelined Procedure

This framework lays out the following timelined procedure that we follow:

0 Day

Disclosure to Vendor and await Acknowledgement

0 – 7 Days

If Acknowledgement is not received from Vendor, second attempt at contact

0 – 10 Days

If Acknowledgement is received
● Convey the commencement of 90 days public disclosure window.
● Provide technical details if requested by Vendor

Else
● Proceed with Public Disclosure of Vulnerability
● Inform “CERT” or other Disclosure Coordinators about the findings (depending on case, we decide which Coordinator to inform)

Confidentiality & Secure Communication

Regarding communication on Disclosure with the vendor, the framework sets the following procedure:

Throughout the non-disclosure period we expect regular communication between our team and the vendor, and this is kept confidential.
