Banner

  • BUSINESSNEXT’s approach to vulnerability disclosure

    At BUSINESSNEXT, fostering trust is our top priority. We work closely with our customers, partners, security experts, and industry peers to empower the entire CX community and promote secure, stronger growth.

    Welcome to our Responsible Security Disclosure Policy page. We take the security of our platforms, products and our users' data very seriously, and we value the help of security researchers and others who bring potential vulnerabilities to our attention. We believe that working with the security community is an important way to maintain the highest level of security for our platform.

    We encourage anyone who discovers a potential security vulnerability in our platform to report it to us as soon as possible. We will investigate all reported vulnerabilities promptly and take appropriate measures to fix them.

  • Notification of a Possible Security Vulnerability:

    To report a vulnerability, please send an email to our security team at [email protected]. Registered users can contact us via their respective BUSINESSNEXT support portal. When you report a vulnerability, please include as much information as possible about the vulnerability, including:

    • A description of the vulnerability, including the steps to reproduce it

    • Any tools or techniques used to discover the vulnerability

    • The impact of the vulnerability, including the potential risk to our platform or our users' data

    • If you can provide a fix or mitigation for the vulnerability, please include it in your report

    We ask that you do not disclose any details about the vulnerability to anyone else until we have had a chance to investigate and address it. We will work with you to ensure that any disclosure of the vulnerability is done in a responsible manner.

    As part of our responsible disclosure process at BUSINESSNEXT, we require a 60-day embargo period. During this time, we will verify and address the vulnerability before it can be disclosed to any third parties.

  • Prohibited Actions:

    At BUSINESSNEXT, we value the input of security researchers who find and report vulnerabilities to us in a responsible manner. However, the following actions are strictly prohibited and may not be conducted during security research:

    • Conducting actions that may harm BUSINESSNEXT or its users, such as spamming, brute-forcing, or launching denial-of-service attacks.

    • Attempting to access data or information that is not owned by you, or destroying or corrupting data that does not belong to you.

    • Conducting any kind of electronic or physical attack on BUSINESSNEXT property, personnel, or data centers.

    • Engaging in social engineering tactics against any BUSINESSNEXT employee, contractor, vendor, or partner.

    • Conducting security testing on participating services using instances other than test instances.

    • Breaching any laws or agreements to discover vulnerabilities.

  • BUSINESSNEXT Security Team Commitment:

    In return for your responsible disclosure of a security vulnerability, we commit to:

    • Aim to acknowledge receipt of your report within 2 to 3 business days

    • Investigate the reported vulnerability promptly and take appropriate measures to fix it

    • Keep you informed of our progress in fixing the vulnerability

    • Give credit to the person who reported the vulnerability, unless they wish to remain anonymous

    We will not take legal action against anyone who reports a security vulnerability to us in good faith and in compliance with this policy.

    We thank you for your help in keeping our platform, products and customers secure.