Vulnerability Disclosure Policy
I. Introduction
AmTrust Financial Services, Inc., our subsidiaries, and affiliates (collectively, “AmTrust”, “we”, “us” or “our”) is committed to a strong information governance program and endeavors to protect customer and website user information. A part of this process is continuous review and improvement of our security posture. This Vulnerability Disclosure Policy (the “Policy”) is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey the requirements to submit information of discovered vulnerabilities. If you believe you’ve found a new security vulnerability in one of our products or platforms, please follow the Guidelines below and notify us by emailing SecurityVDP@amtrustgroup.com.
We take the security of our systems seriously and value the role that independent security researchers play. The disclosure of security vulnerabilities helps ensure the security and privacy of our users. This Policy governs how to review and report a security vulnerability; please review this Policy before testing and/or reporting a vulnerability. This Policy describes what systems and types of research are covered, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.
We want security researchers to feel comfortable reporting vulnerabilities they've discovered - as set out in this Policy - so we can fix them and protect our users. We have developed this Policy to reflect our values and uphold our sense of responsibility to security researchers who share their expertise with us in good faith. We encourage you to contact us to report potential vulnerabilities in our systems.
II. Authorization
By complying with this Policy, we will consider your research to be authorized, we will work with you to understand and resolve the issue, and AmTrust will not recommend or pursue legal action directly related to your research. We will investigate legitimate reports and make every effort to quickly correct any vulnerability. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this Policy, we will make this authorization known.
III. Responsible Disclosure Guidelines
1.We require that all researchers:
2. If you follow the requirements documented in this Policy we shall:
3. AmTrust does not permit the following:
4. Things we do not want to receive:
5. How to report a security vulnerability?
IV. AmTrust Security Researcher Hall of Fame
We appreciate and want to recognize the contributions of security researchers. If you are the first researcher to report a confirmed vulnerability, we will list your name in our Hall of Fame (unless you would prefer to remain anonymous). You must comply with this Policy to be considered.
Security Researcher Hall of Fame
Gaurang Maheta - 2024
Including news updates, blog notifications and all information you need to know about insurance, caravans and equipment.