At DryZone we take the security of our online platform and our customers’ data seriously. We appreciate the efforts of security researchers and ethical hackers in helping us identify and address potential vulnerabilities. If you believe you have discovered a security issue or vulnerability on one of our websites or any of our online services, we encourage you to report it to us in a responsible and coordinated manner.
The security and integrity of its online business assets are of utmost importance to DryZone. The provisions of this Responsible Disclosure Policy are intended to supplement BugCrowd’s terms and conditions. In the event of a conflict between this Responsible Disclosure Policy, and BugCrowd’s terms and conditions, the provisions of this Responsible Disclosure Policy shall prevail.
If you have identified a vulnerability in any of our online assets, you must disclose that to DryZone in accordance with this Responsible Disclosure Policy using the submission form below. DryZone may, at its sole discretion, engage with security researchers where a vulnerability is reported pursuant to this Responsible Disclosure Policy. Where a security vulnerability is proven and verified by DryZone, we will remedy such vulnerability.
By completing the submission form below, you agree to comply with, and be bound by, the provisions of this Responsible Disclosure Policy, and the BugCrowd terms and conditions.
DryZone reserves all of its rights to take action against security researchers who do not comply with this Responsible Disclosure Policy, including but not limited to immediate removal of the security researcher from any DryZone bug bounty program. Any submission which does not comply with the Responsible Disclosure Policy will not be considered by DryZone.
If you identify an issue or security vulnerability in any of DryZone’s online assets, please report this to us using in a way convenient for you. DryZone will review the submissions it receives from security researchers, and determine if the vulnerability is proven and verified. Where a security vulnerability is proven and verified, you may be eligible for monetary compensation if the vulnerability has not been previously reported.
Remuneration & Eligibility
DryZone may issue monetary compensation to a security researcher in respect of any security vulnerability at its sole discretion. DryZone is under no obligation to issue monetary compensation.
DryZone personnel, DryZone suppliers (and their personnel) and residents of countries on UK, EU or US sanctions lists are not eligible for monetary compensation. If you fall into any of the aforementioned categories, you must mention this in your submission form.
Security Researcher Obligations
If you would like to submit a security vulnerability report, please use the company contacts: https://dryzone.ie/contact-us/. In addition, and for your report to be considered by DryZone, you must:
- Comply with all applicable laws, regulations and rules.
- Provide true and accurate identification details.
- Not do any of the following:
- Access, download, or modify data residing in an account that does not belong to you
- Execute or attempt to execute any “Denial of Service” attack
- Post, transmit, upload, link to, send, or store any malicious software
- Test in a manner that would result in the sending unsolicited or unauthorized junk mail, spam, pyramid schemes, or other forms of unsolicited messages
- Test in a manner that would degrade the operation of any DryZone systems
- Test third-party applications, websites, or services that integrate with or link to DryZone systems
- Disclose, or otherwise share, any details of any DryZonesecurity vulnerability with anyone other than DryZone.
The terms and conditions set out in this Responsible Disclosure Policy, and any matter arising in respect thereof, shall be governed by the laws of England. The parties irrevocably submit to the exclusive jurisdiction of the courts of England and Wales in respect of any dispute or other proceeding arising in connection with this Responsible Disclosure Policy.