Legal Policies
Acceptable Use Policy
Updated February 21, 2018
Customer Agreement
Updated February 21, 2018
Customer Use Addendum
Updated February 21, 2018
Service Specific Terms
Updated February 21, 2018
Privacy Policy
Updated February 21, 2018
Support Policy
Updated February 21, 2018
General Data Protection Regulation
Updated May 20, 2018
Copyright & Trademark Violations
Updated February 21, 2018
Third Party Code in Inventiv Products
Updated February 21, 2018
Security
Inventiv welcomes the security community in helping us identify and fix security issues with our products or services. Please find reporting instructions below.
Reporting a Security Vulnerability
Please provide the following technical information when reporting a discovered security vulnerability. This information will help us assess the impact of the issue and form an appropriate response.
- Provide steps to reproduce the issue, including any URLs or code involved.
- If you are reporting a cross-site scripting (XSS) vulnerability, your exploit should display an alert dialog in the web browser. Preferably, this alert dialog should display the user’s authentication cookie.
- For a cross-site request forgery (CSRF) vulnerability, please use a proper CSRF case when a third party causes the logged in victim to perform an action.
- For a SQL injection attack, please provide an exploit extracting database data. Producing an error message is not sufficient to qualify your disclosure as an actionable vulnerability.
- If demonstrative of the exploit, please provide any relevant traffic capture demonstrating your proof-of-concept.
Please refrain from sending links to non-Inventiv websites, or attaching potentially executable files such as EXE, DOC, or PDF documents.
We will not respond to a generic vulnerability scanner report. However, if you have a report that was used as a starting point for your examination of a specific vulnerability, we will gladly review relevant sections of a scanner report if you point us in the right direction.
Reporting a Security Incident
Please provide the following technical information when reporting a security incident. This information will help us assess the impact of the issue and form an appropriate response.
- Provide the steps to reproduce the issue, including any URLs or code involved.
Please refrain from sending links to non-Inventiv websites, or attaching potentially executable files such as EXE, DOC, or PDF documents.
Submitting your Security Incident or Vulnerability
Please submit your report using the contact form to the right.
Public Disclosure
Please further assist us by practicing responsible disclosure of any vulnerabilities you discover. Before disclosing a vulnerability publicly, we require that you first request permission from Inventiv. Inventiv will process requests for public disclosure on a per-report basis. These requests will only be considered once the reported vulnerability is fixed.
Low-Priority Vulnerabilities
Please do not report low-priority security vulnerabilities. A low-priority vulnerability is anything that only exploits client-side vulnerabilities inherent to web browsers or the HTTP protocol. Additionally, please refrain from reporting content spoofing, phishing, error stack traces, or non-authentication cookies that are not marked as Secure or HTTPOnly.