Details

Reporting Security Issues

If you believe you have discovered a vulnerability in an Attentive product or have a security incident to report, contact us at [email protected]. When researching a potential vulnerability in an Attentive product, please adhere to and remain cognizant of the following rules of the road:

Do not exploit any Attentive product beyond what is necessary to provide Attentive with the steps to replicate the potential vulnerability. Practically, this means not compromising accounts, downloading data, or causing denial of service or destructive outcomes.
We consider the following potential vulnerabilities out of scope and ask that you refrain from reporting or conducting activities aimed at: social engineering, clickjacking, incomplete or non-implementation of protocols or configurations that you may consider industry standard (e.g., TLS enforcement, CSP/SPF/DMARC/DKIM), and Attentive Javascript code or integrations on a third party's systems (research into such potential vulnerabilities should be governed by that third party's responsible disclosure program).

Our Response Process

Once we have received a vulnerability report, Attentive takes a series of steps to address the issue:

Attentive requests the reporter keep any communication regarding the vulnerability confidential.
Attentive investigates and verifies the vulnerability using the reporter's detailed instructions to replicate.
Attentive addresses the vulnerability, which may include patching the requisite software or system, or using compensating controls to mitigate any harm.
Attentive will endeavor to keep the reporter apprised of the outcome of their report and at that time, shall provide consent to the reporter's publication of the vulnerability.

We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our products and services, and better protect our customers. Thank you for working with us through the above process.

Reporting Security Issues

Do not exploit any Attentive product beyond what is necessary to provide Attentive with the steps to replicate the potential vulnerability. Practically, this means not compromising accounts, downloading data, or causing denial of service or destructive outcomes.

We consider the following potential vulnerabilities out of scope and ask that you refrain from reporting or conducting activities aimed at: social engineering, clickjacking, incomplete or non-implementation of protocols or configurations that you may consider industry standard (e.g., TLS enforcement, CSP/SPF/DMARC/DKIM), and Attentive Javascript code or integrations on a third party's systems (research into such potential vulnerabilities should be governed by that third party's responsible disclosure program).

Our Response Process

Once we have received a vulnerability report, Attentive takes a series of steps to address the issue:

Attentive requests the reporter keep any communication regarding the vulnerability confidential.

Attentive investigates and verifies the vulnerability using the reporter's detailed instructions to replicate.

Attentive addresses the vulnerability, which may include patching the requisite software or system, or using compensating controls to mitigate any harm.

Attentive will endeavor to keep the reporter apprised of the outcome of their report and at that time, shall provide consent to the reporter's publication of the vulnerability.