Vunerability Disclosure Policy

At Edazoo (First Media), we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. We understand that security issues can be found, and we are committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us.

Please note that Edazoo does not operate a bug bounty program and makes no offer of reward or compensation in exchange for submitting potential security concerns or vulnerabilities.

Guidelines

• Notify us as soon as possible after you discover a real or potential security issue.
• Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems and destruction or manipulation of data.
• Only use exploits to the extent necessary to confirm the presence of a vulnerability.
• Do not use an exploit to compromise or exfiltrate data, establish persistent unauthorised access or use the exploit to pivot to other systems.
• Provide us with a reasonable amount of time to resolve the issue before you disclose it publicly.

Reporting

If you believe you’ve found a security vulnerability in our systems or services, we encourage you to notify us. We welcome working with you to resolve the issue promptly. Please email us at security@firstmedia.co.uk.

We recommend that your report includes:

• When the vulnerability or issue was identified.
• Describe the system or product for which the vulnerability was discovered.
• Describe the steps needed to reproduce the vulnerability.
• Any remediation suggestions or ideas to address the vulnerability.

Changes to This Policy

We may revise this policy from time to time. The most current version of the policy will govern our processing of your personal data and will always be at https://www.edazoo.co.uk/vulnerability-disclosure-policy.

Contact Us

If you have any questions about this policy, please feel free to contact us at security@firstmedia.co.uk.