Vulnerability Disclosure Policy

Doctornow Inc

Date: Aug 24, 2023

Introduction

Doctornow Inc is committed to maintaining the security and integrity of our systems. This Vulnerability Disclosure Policy (VDP) outlines our guidelines for responsible disclosure of security vulnerabilities.

Authorization

We welcome security researchers who follow this policy and conduct research in good faith. Organization Name will not pursue legal action against researchers who adhere to these guidelines.

Guidelines

Under this policy, researchers must:

• Notify us promptly upon discovering a security issue.
• Avoid privacy violations and disruption to our systems.
• Use exploits only to confirm a vulnerability, not to compromise or exfiltrate data.
• Provide us reasonable time to resolve the issue before public disclosure.
• Refrain from submitting a high volume of low-quality reports.

Test Methods Not Authorized

• Network denial of service (DoS or DDoS) tests.
• Physical testing or social engineering.
• Any non-technical vulnerability testing.

Scope

This policy applies to the following systems and services:

• *.doctornow.io

Other domains, subdomains and customer applications are excluded from this policy.

Reporting a Vulnerability

Please report vulnerabilities via security@doctornow.io. Reports may be submitted anonymously, and we will acknowledge receipt within 3 business days.

What We Would Like to See from You

Please include:

• Location of the vulnerability and potential impact.
• Detailed steps to reproduce the vulnerability.
• Any proof of concept or screenshots, if available.

What You Can Expect from Us

• Acknowledgment within 3 business days.
• Transparency about our remediation process.
• Open dialogue to discuss the issue.

Acknowledgments

We value the contributions of security researchers and will acknowledge responsible disclosures on our Acknowledgments Page.

No Bounty Offered

Please be aware that Doctornow Inc does not offer monetary rewards or bounties for the discovery of vulnerabilities. We appreciate the efforts of security researchers in helping us maintain the security of our systems, and we commit to recognizing those efforts on our Acknowledgments Page. However, we are unable to provide financial compensation for contributions at this time.

Questions

For questions or suggestions regarding this policy, please contact security@organization.com.