Reporting a Vulnerability
If you discover a security vulnerability in any system or property operated by 37SOLUTIONS, please report it to us promptly. We take all reports seriously and will respond as quickly as possible.
Email your report to security@37solutions.com. Please include as much detail as possible: the affected URL or system, a description of the issue, and steps to reproduce it if applicable.
What to Expect
- We will acknowledge receipt of your report within 3 business days.
- We will investigate and keep you informed of our progress.
- We will notify you when the issue has been resolved.
- We will not take legal action against researchers who report issues in good faith and follow this policy.
Scope
This policy applies to all systems and web properties operated by 37SOLUTIONS, including but not limited to:
- 37solutions.com and its subdomains
- Client-facing portals and infrastructure managed by 37SOLUTIONS
Out of Scope
The following are outside the scope of this policy:
- Denial of service attacks or any testing that degrades service availability
- Social engineering or phishing attacks targeting our staff or clients
- Physical security testing
- Automated scanning that generates excessive traffic
Disclosure
We ask that you give us reasonable time to investigate and address a vulnerability before any public disclosure. We are happy to coordinate disclosure timing with you and will credit researchers who report valid issues if they wish.
security.txt
This policy is referenced in our security.txt file, located at /.well-known/security.txt per RFC 9116 .