Responsible Disclosure Policy
TABLE OF CONTENTS
Introduction
Data security is a top priority for Enervee, and Enervee believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in Enervee’s service, please notify us; we will work with you to resolve the issue promptly.
Disclosure Policy
- If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@enervee.com. We will acknowledge your email within one week.
- Please provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within ten business days of disclosure.
- Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Enervee service. Please only interact with accounts you own or for which you have explicit permission from the account holder.
Exclusions
Enervee is providing this service to help ensure a safe and secure environment for all of its users. As such, any users believed to be engaging in the below activities will have their user credentials immediately deactivated.
While researching, we’d like you to refrain from:
- Denial-of-Service (DoS)
- Spamming
- Social engineering or phishing of Enervee employees or contractors
- Any attacks against Enervee’s physical property
This policy applies to the Enervee Application hosted at choose.enervee.com and to any other subdomains or services associated with the Enervee application, including our client domains who run our white-labeled application under their domain name (usually something like marketplace.their-domain-name.com). We do not accept reports for vulnerabilities solely affecting our marketing website (www.enervee.com) which contains no sensitive data.
Red Team Rules of Engagement
If you want to conduct red teaming against Enervee you will need written permission upfront by emailing security@enervee.com.
You need to get a written authorization letter from our CTO. While you are engaged in red teaming activities you should coordinate with the Security Team so escalation (law enforcement, etc.) can be avoided. The Security Team will notify the Infrastructure Team as well as the VP of Engineering so that awareness is maintained.
Public GPG Key
-
Enervee Security <security@enervee.com>
- ID: 76BB1423
- Fingerprint: 4D7D E529 5F7A 815A 8899 55B7 4DAA 9C0E 76BB 1423
-
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGQBAuEBEADJYxXxTpVPLOgNKGA0iHNfrAY79s3WFV+kypS3S9Iq7TmgcEJy
T30xfMuNOBjsywkoD2vu7f2NFcKBmeteguZCbIsiykOR1+p66avBmhTqptns+5m9
1hL7TwqZW4Oa2vPeK8CZ2xW9D4bKCskTAzYvfxN1aBCISGplfGMmgCmLPMhsMGez
/Csu0Z9+kkOUl3MQxfy3o8CYp3UnOrSo9lIVGvNqnH5YWcFdQrYsvdq9oAklFVT0
oc/VpNpFQjJj+Q8Qod5OI+cXTGp4ZZD/IGLIljrJMCSDlt9laxp6OdDwv+ltrXC9
xVVWVtEreg4O72NT1bS6qpxuDrWRGz6ErdDUCnW5UI/QfOjLEyVBLsnSQMLhYc3y
aByf/Xuj+IHAj6oA2kWF+Rkf4LGjoVbQ2iCUfZDkDLmBxMc5ahrznl8xLTBZkAzl
xrucR3fEyyTAtxo7MTn/J1M6R478A3E8hJp37xE1JbWvEbRVoJeVui0EPmfJwTte
J8KIVnDYmWmUIR6lgqQ07vRahDz0hWdTd52Y6UEEgW8Jo9IlByiJJGF0Op+5Q7ca
ltLIla1pn0VZmryie9bHd40VucfX739P5HZTxiQ+Z9tBGIyqisjUtwvwOYsRGruQ
CSfpDYoBZJnNcmXZ4LRoKlQ/PxBigof7q/f3nRbYRJCPrZmwmLsNvw2hlQARAQAB
tCdFbmVydmVlIFNlY3VyaXR5IDxzZWN1cml0eUBlbmVydmVlLmNvbT6JAlQEEwEI
AD4WIQRNfeUpX3qBWoiZVbdNqpwOdrsUIwUCZAEC4QIbAwUJB4YfMwULCQgHAgYV
CgkICwIEFgIDAQIeAQIXgAAKCRBNqpwOdrsUI3CmEACP/2eT7GG0TDCd96SN5oa3
PiKBToRi6V4FdsjzuF+4kc45wbryrzbSjRg1/tyI54qgzC2adcVq07ivHSpJy3DC
5i6Yct814ik5K1NgZ1aE3WyFKgg+mVzokhQKDDeoPqEsj6Orn3JK7B7GOa7zCX4q
7AkahJEvkC1Gje6jXJE/66Pdrsj1GJIigOa2cyfr0zjx56tcMD0b5cWLZqyKmrUC
8UQz2E44bf/0aH9AA4hedjJCbjALZRXcTrlxg0Y3EQfi9HOvpVuBYGqE+8FOsE3Y
Mtork9Nb+4Y56HKb21gkEVirM+0KwjGfbI+/6e1T9mNao2PCfqoLGuomNCk64mQQ
nUq03NEJiY8cJ8uY1x+3MB+hNA9IM3ADYMdEAIDtKllJ90L+tEQtw5WUG95NVlou
hYlSJ/rE07GR9O9iJkCT/7Auas+fwwHQIDjkeU+LygESG5zW3yKWzXiVR4OJrbhc
jK3zBHpWha76MHTbfLIJT8tCRCQlsjL2d5NrThvlI2ynpsEJtqiMh4KK0W/0BdRm
ryaI3fxDdf4Z9rlnE+fK3reA9WWxNdyFju9B/zMVt5aeCUaAbkOCSreg6AVH02n+
MOLjKJyC9E2Dl5O/48fzGtaocTGoBsc3bOBCRPgzlZRJ01zPCq1O/kcv7X0PCB0x
TwJoPAuT3NRF34oJmwaWFLkCDQRkAQLhARAAq1CZ2aVtBvJptupKoDjiJ+ClWG4f
3lV6Oii1HV2ZKOYNh+MG3SibbW2e3177Op4KiANYZsfXqDXKyGQ6JKPjZg9QAG8N
Eoc81HFyZ/YB8bnu1eQEJs0Qsr0EOZRelCUQ66PxNBWgvLXVNHLZkeU8ArZ8Pdt/
v4tf78VHIPd9fAEXl/YAb6zfqe/pVduUMd8wmTzK82mPM0ctNSYegD1kIvHsiQUb
lG5nFtSLY9XWg6BmebeiSpGu5n57G+NeZElFYEpg0M2YF28n+QRojGmhKQ5VeibB
4Fx4d0MxJFoOPnNWwhWInn9jRcPKVDQGRl+5rXjK7lJ2BkfRUaArB2JdwXWGLaYY
HEhDJ/1mFGQHYR60NMEUGdcbL5TNsLfPBGdrvV0TrvKRjVxYq60/3c5InQAEeT0S
JbHChNoEGqpDFfvNlEu7tGRGs+pvF13G7XkzYl13PeBp6r2uQywKWllevdXpVAO5
2L0abRfbQH7SrqId+8JYI8tJcX6Vqj3DMTeQE0ACJbJrgqMRAYk2qD/NBPR7/2Qv
1AXrjMiksNiA/po9grRXyfB4FuaVO7LsTmgHnY8PyaStwrZykYKfnVl1xk8tudM1
Q9qjKA51Vg798Tt2drNZVL+vdoHpF7XcG3IltedrQ26zyYM9c2Ux6wdiLpF5pwK+
lXbZhXz/6Nkfbg0AEQEAAYkCPAQYAQgAJhYhBE195SlfeoFaiJlVt02qnA52uxQj
BQJkAQLhAhsMBQkHhh8zAAoJEE2qnA52uxQjotAP/RS1ybGcSj/6p/RPMmppNebn
O+yB/mJPcL6pqIHFkhE9MmfEDv5d7Zc7h6RDh2Qz5VM8md/QmRGr2OZWJxiYCm3r
N5CdRM9M3ohM7Peo6p4NyzswOUTN2bxicNnZtUeSis9jjOweMB4/dz3Bb+ai+Gr2
1Y69yNxSHeM0lpRENyIFSx1eoZWXFdlsuD88+bWhHTuX7uyzVoWfaftjnBqcm+0u
qBf/lK5yK0Gqm0WFNT5gXKF6ZGXbAs1KIboOdE2sjLnR5dQWl1HS9t5rTAPgxJ+r
1aZVm6rzRiw78ZLz44NGFrPBYBznlW7CVdJRbnOaIw+2MeOjgz4qx/M17pKIAKhL
tmLr2N6oGi+zT3ghsA2/4sCtBLtYAL0umxkRHzTrQmvU7O8tV81Co5Pnwq/9usLM
knPnqQ6Bry0BFTTXOvtX6XvMFa0YM5Lhba308vL08WbGh14kE73XfmYWSqPScMwO
1Qn5hc+SG/azqBwneD/nOw7chsrf2+GABbWakztE8H3F49j/nuELT34jQ7NuUl7F
AQLOr/ChIKV/Av7Nt7srWacNDbWA+cjPY+GrhOl/Fj2+qIXycRmqSG2I0wwUsz9y
m/0Umrlvf+QFsnF9ZuyRO+hv7Q4BUUdY4pIpvqgRtNqsiiQtmCNPKyIcxnwOIaMP
xr7R2k9NCMBRHua6RXkc
=Vn3T
-----END PGP PUBLIC KEY BLOCK----
Contact
Enervee is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at security@enervee.com.
Thank you for helping to keep Enervee and our users safe!