Vulnerability Disclosure Policy

Vulnerability Reporting

Effective Date: 09-September-2023

1. Introduction

At TurnoutNow, we take the security of our systems and data seriously. We recognize the importance of external security research in identifying and mitigating vulnerabilities. This Vulnerability Disclosure Policy outlines our commitment to working with the security research community to address potential security issues.


2. Reporting Security Vulnerabilities

We encourage security researchers, ethical hackers, and anyone who discovers a potential security vulnerability in our systems or applications to responsibly report it to us. To report a security vulnerability, please follow these guidelines:

  • Contact Information: You can report vulnerabilities by sending an email to support@turnoutnow.com, which is our dedicated contact email address.
  • Provide Details: In your report, please include detailed information about the vulnerability, including steps to reproduce, potential impact, and any relevant supporting documentation or proof of concept.
  • No Malicious Actions: When researching and reporting vulnerabilities, please do not engage in any malicious activities, unauthorized access, or exploitation attempts. Act in accordance with all applicable laws and regulations.
  • Encryption If you would like to encrypt the content before submission. Here is our PGP key

3. Response and Resolution

Upon receiving a security vulnerability report, our security team will:

  • Acknowledge receipt of the report in a timely manner.
  • Investigate and validate the reported vulnerability.
  • Take appropriate measures to address and remediate the vulnerability.
  • Maintain open communication with the reporting party to provide updates on the status of the resolution.


4. Confidentiality

We respect the privacy and security of those who report vulnerabilities to us. We will make reasonable efforts to protect the identity of the reporting party, unless disclosure is required by law or if the reporting party consents to disclosure.


5. Legal Safe Harbor

We will not pursue legal action against individuals who report security vulnerabilities in accordance with this policy, provided they do not engage in malicious activities or disclose the vulnerability publicly before it is resolved.


6. Updates to the Policy

This Vulnerability Disclosure Policy may be updated or modified periodically.