• SKYTIP Products & Services: If you would like to report a vulnerability or have a security concern regarding SKYTIP Products & Services, or other related issues such as Suspicious Orders, Suspicious Emails, or Vulnerability Reporting in general, please e-mail firstname.lastname@example.org.
So that we may more effectively respond to your vulnerability report, please provide any supporting material that would be useful in helping us understand the nature and severity of the vulnerability. The information you share is kept confidential within SKYTIP, and will not be shared with third parties without your permission.
SKYTIP will review the submitted report, and assign it a tracking number. We will then respond to you, acknowledging receipt of the report, and outline the next steps in the process.
Once the report has been submitted, SKYTIP will work to validate the reported vulnerability. If additional information is required in order to validate or reproduce the issue, SKYTIP will work with you to obtain it. When the initial investigation is complete, results will be delivered to you along with a plan for resolution and public disclosure.
A few things to note about the SKYTIP Evaluation Process:
• Website Add-Ons: Upon order and installation for any Website Add-On to an already active and existing Website. If, the Website Add-On creates a vulnerability which affects your Current Website or Monthly Website Services, SKYTIP will notify the author of the Add-On, and setup further communication between you and the third party.
• Confirmation of Non-Vulnerabilities: If the issue cannot be validated, or is not found to be a flaw with a SKYTIP Website Add-On, this will also be shared with you.
• Vulnerability Classification: SKYTIP uses the Common Vulnerability Scoring System (CVSS) to evaluate potential vulnerabilities. The resulting score helps quantify the severity of the issue and to prioritize our response.
SKYTIP is committed to being responsive, and keeping you informed of our progress as we investigate your reported security concern. You will receive a non-automated response to your initial contact within 24 hours, confirming receipt of your reported vulnerability. You will receive progress updates from us at least every five working days.