You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Something like the following would be appreciated if we could include it:
Third Party Safe Harbor
If you submit a report in accordance with this Policy which affects a third party service we may be required or have an obligation to share certain information with the affected third party. For example, we may share non-identifying content from your report with an affected third party. Except as required by law, we will not share your identifying information with any affected third party without first notifying you.
Please note that we cannot authorize out-of-scope testing in the name of third parties, and such testing is beyond the scope of our Policy. Please contact any third party either directly or through a legal representative, or refer to such third party’s vulnerability disclosure Policy before initiating any testing on that third party or their services. This is not, and should not be understood as, any agreement on our part to defend, indemnify, or otherwise protect you from any third party action based on your actions.
That said, if legal action is initiated by a third party, including law enforcement, against you because of your participation in research under this policy, and you have sufficiently compiled this policy (i.e. have not made intentional or bad faith violations), we will take steps to make it known that your actions were conducted in compliance with this policy. While we consider submitted reports both confidential and potentially privileged documents, and protected from compelled disclosure in most circumstances, please be aware that a court could, despite our objections, order us to share information with a third party.
Of the above, I think the following line is the most important:
Except as required by law, we will not share your identifying information with any affected third party without first notifying you.
This is pulled from the policies from both Microsoft and Gradle:
Something like the following would be appreciated if we could include it:
Of the above, I think the following line is the most important:
This is pulled from the policies from both Microsoft and Gradle:
The text was updated successfully, but these errors were encountered: