
RideCo Responsible Disclosure Program

RideCo takes the security and privacy of our systems and data seriously and always aims to provide the most secure platform possible. We investigate all received vulnerability reports and implement the best course of action in order to protect our customers and partners.

Last Updated: July 2023


At RideCo, we believe that working with dedicated as well as independent security researchers can help identify weaknesses in any technology. If you are a security researcher and have discovered a security vulnerability in RideCo products and services, we appreciate your help in disclosing it to us in a responsible manner.


REPORTING A POTENTIAL SECURITY VULNERABILITY


If you believe you have identified a vulnerability:

  • Gather all relevant details of the suspected vulnerability including which system, the date and time it was discovered, the mechanisms used to discover the vulnerability and a comparison of expected vs. actual behaviour
  • Send an e-mail to disclosure@rideco.com notifying the RideCo team of which system is affected, the issue identified and your preferred contact method
  • Please do not share your findings elsewhere before RideCo has had reasonable time to respond to you directly with our own findings, remediations and other considerations

UPON RECEIPT OF DISCLOSURE, RIDECO WILL:


  • Provide an acknowledgement of your report (typically within 48 business hours of submission)
  • Communicate with you through secure channels to validate and remediate any findings
  • Provide you with notice when the vulnerability has been resolved
  • Provide acknowledgement in published reports
  • Post a security advisory/CVE if required

WHILE RESEARCHING, THE FOLLOWING CONDUCT IS EXPRESSLY PROHIBITED


  • Performing actions that may negatively affect RideCo and its users (e.g., spam, brute force, denial of service, etc.)
  • Accessing, or attempting to access, data or information that does not belong to you
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
  • Conducting any kind of physical or electronic attack on RideCo personnel, property, or system environments
  • Social engineering of any RideCo employees or contractors
  • Violating any laws or breaching any agreements in order to discover vulnerabilities

CHANGES TO POLICY


We may revise these guidelines from time to time. The most current version of the guidelines will be available here.


CONTACT


Please visit /contact to provide RideCo with feedback, questions or concerns not relating to Responsible Disclosure.


RESPONSIBILITY


It is the responsibility of RideCo’s Incident Response Team to enforce this policy.