Responsible Disclosure Policy
Last updated October 15, 2021
Collaborne B.V. dba NEXT is committed to ensuring the safety and security of our customers. We aim to foster an open partnership with the security community, and we recognize that the work the community does is important in continuing to ensure safety and security for all of our customers. We have developed this policy to both reflect our corporate values and to uphold our legal responsibility to good-faith security researchers that are providing us with their expertise.
Scope
NEXT's Responsible Disclosure Policy covers the following products:
We intend to increase our scope as we build capacity and experience with this process. Researchers who submit a vulnerability report to us will be given full credit on our website once the submission has been accepted and validated by our product security team.
Legal Posture
NEXT will not engage in legal action against individuals who submit vulnerability reports through our Vulnerability Reporting inbox. We openly accept reports for the currently listed NEXT products. We agree not to pursue legal action against individuals who:
How to Submit a Vulnerability
To submit a vulnerability report to NEXT's Product Security Team, please utilize the following email support@nextapp.co.
Preference, Prioritization, and Acceptance Criteria
We will use the following criteria to prioritize and triage submissions.
What we would like to see from you:
What you can expect from NEXT:
If we are unable to resolve communication issues or other problems, NEXT may bring in a neutral third party to assist in determining how best to handle the vulnerability.
Vulnerability Bounty Program
Currently NEXT does not have a bounty program for vulnerability reports.
Credits