Al Pack is committed to maintaining the security of our systems and our customers’ information. We appreciate and encourage security researchers to contact us to report potential vulnerabilities identified in any product, system, or asset belonging to Al Pack. If you believe you have identified a potential security vulnerability, please share it with us by following the submission guidelines below. Thank you in advance for your submission, we appreciate researchers assisting us in our security efforts.

Responsible Disclosure Program Guidelines

Researchers shall disclose potential vulnerabilities to Al Pack in accordance with the following guidelines:

  1. do not engage in any activity that can potentially or actually cause harm to Al Pack , our customers, or our employees;
  2. do not engage in any activity that can potentially or actually stop or degrade Al Pack services or assets;
  3. do not engage in any activity that violates:
    1. local laws or regulations,
    2. the laws or regulations of any country where,
      1. data, assets or systems reside
      2. data traffic is routed
      3. the researcher is conducting research activity.
  4. do not store, share, compromise or destroy Al Pack or customer data. If Personally Identifiable Information (PII) is encountered, you should immediately halt your activity, purge related data from your system, and immediately contact Al Pack. This step protects any potentially vulnerable data, and you.
  5. do not initiate a fraudulent financial transaction;
  6. provide Al Pack Group reasonable time to fix any reported issue, before such information is shared with a third party or disclosed publicly. By responsibly submitting your findings to Al Pack Group in accordance with these guidelines Al Pack Group agrees not to pursue legal action against you. Al Pack Group reserves all legal rights in the event of noncompliance with these guidelines.
    Once a report is submitted, Al Pack Group commits to provide prompt acknowledgement of receipt of all reports (within two to three business days of submission) and will keep you reasonably informed of the status of any validated vulnerability that you report through this program.

By responsibly submitting your findings to Al Pack Group in accordance with these guidelines Al Pack Group agrees not to pursue legal action against you. Al Pack Group reserves all legal rights in the event of noncompliance with these guidelines.

Once a report is submitted, Al Pack commits to provide prompt acknowledgement of receipt of all reports (within two to three business days of submission) and will keep you reasonably informed of the status of any validated vulnerability that you report through this program.

Out of Scope Vulnerabilities

Certain vulnerabilities are considered out of scope for our Responsible Disclosure Program. Out-of-scope vulnerabilities include:

  • physical testing;
  • social engineering (e.g. attempts to steal cookies, fake login pages to collect credentials;
  • phishing;
  • denial of service attacks;
  • resource exhaustion attacks. 

Submission Format

When reporting a potential vulnerability, please include a detailed summary of the vulnerability, including the target, steps, tools, and artifacts used during discovery (screen captures welcome).

Submission Instructions

Please submit your report via email to the following email address:
alpack@alpackgroup.com

ElevenEs  Empower Everything