Purpose
Willow takes a conscientious approach in the commitment to securing Willow’s products and services. We have opened up the opportunity for security researchers to report their found vulnerabilities so that Willow can continue to protect its customers and users in good faith.
This Vulnerability Disclosure Policy informs how an independent security researcher can report their findings to Willow, the criteria of what can be reported, rules of engagement in performing vulnerability testing activities, and the disclosure time window of when a vulnerability can be publicly disclosed.
Where the processing of your personal information is not subject to the Privacy Act or GDPR, different rules may apply under your applicable law.
Please note that we are not offering compensation for the reporting of discovered or potential vulnerabilities.
When vulnerabilities or sensitive (PII) is discovered we ask that you immediately stop testing and notify Willow by sending a vulnerability report to security@willowinc.com.
The Security Team will reach out via security@willowinc.com as soon as possible with an acknowledgment email.
By sending this submission email to Willow, we note that you have read, understood and agreed with the Vulnerability Disclosure Policy in the context of Willow information systems. Please keep in mind that your report and testing methodologies must follow the scope and rules of engagement outlined in this Vulnerability Disclosure Policy.
We require that you do not publish or make public any vulnerabilities or sensitive data (PII) discovered. Willow is open to discussing the publication of the vulnerability once it has been remediated.
Willow’s systems and services associated with domains and subdomains are within scope. Willow’s domain is willowinc.com. Any other domain is considered out of scope.
If unsure please contact security@willowinc.com.
Please do: