This program outlines how to responsibly report security vulnerabilities in the WikiSage application. By participating in good faith, you help us protect our users and community.
Vulnerability Disclosure Program
At ProAgility, the security of our systems and our users' data is our highest priority. We constantly strive to ensure that our infrastructure, applications, and AI integrations meet the highest security standards. Despite our best efforts, vulnerabilities may still emerge. If you are a security researcher or user and believe you have discovered a security vulnerability in our systems or the WikiSage Slack application, we appreciate your help in disclosing it to us in a responsible manner.
Safe Harbor
We consider activities conducted consistent with this policy to constitute "authorized" conduct under the Computer Fraud and Abuse Act (CFAA) and similar laws. We will not pursue civil action or initiate a complaint to law enforcement for accidental, good-faith violations of this policy.
Scope
- In-Scope: The WikiSage Slack Application, our public website, and our official API endpoints.
- Out-of-Scope: Third-party services we integrate with (e.g., Slack, Atlassian, Google Cloud, OpenAI). Please report vulnerabilities in those services directly to the respective vendors.
Rules of Engagement
When conducting vulnerability research, you must adhere to the following rules:
- Do not access, modify, or delete data that does not belong to you.
- Do not degrade or disrupt our services (e.g., no Denial of Service / DDoS attacks).
- Do not use social engineering, phishing, or physical attacks against our employees or infrastructure.
- Do not publicly disclose the vulnerability until we have had a reasonable timeframe to resolve the issue.
How to Report a Vulnerability
Use the form below to submit your findings securely. Include your contact information so we can follow up, plus a clear description and reproduction steps.
Our Commitment
We will acknowledge receipt of your vulnerability report within 48 hours and strive to provide you with regular updates on our progress in mitigating the issue.
At this time, ProAgility does not offer a paid bug bounty program, but we sincerely appreciate your efforts to keep our community safe and will gladly offer public acknowledgment (Hall of Fame) for critical disclosures.