Lantero Vulnerability Disclosure Policy
Maintaining the security, privacy, and integrity of our services is a priority. Therefore, Lantero appreciates all types of reports intended to improve these areas. We are committed to creating a safe, transparent environment to report vulnerabilities.
If you believe you have found a security or privacy vulnerability that could impact Lantero, our customers and/or users, we encourage you to report this right away. We will investigate all legitimate reports and fix the problem as soon as we can. All services that Lantero provides are in scope of this policy. However, the following conditions are out of scope:
- Customers of Lantero or non Lantero sites behind our infrastructure.
- Any vulnerability obtained through the compromise of a Lantero customer or employee accounts.
- Missing Best Practice, Configuration or Policy Suggestions.
- Any Denial of Service (DoS) attack against Lantero and our services.
- Physical attacks against Lantero employees, offices, and data centers.
- Social engineering of Lantero employees, contractors, vendors, or service providers.
- Knowingly posting, transmitting, uploading, linking to, or sending any malware.
- Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
We ask that you make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research.
Lantero pledges not to initiate legal action against researchers as long as they adhere to the guidelines outlined in this policy. In order to protect our customers, we requests that you not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability and informed customers if needed.
All aspects of this process are subject to change without notice, as well as to case-by exceptions. No particular level of response is guaranteed for any specific issue or class of issues.
To send a report, please use the e-mail
To ensure confidentiality, we encourage you to encrypt any sensitive information you send to us.