geo takes product and service security, trust, and transparency seriously. We value and appreciates the work that security researchers do to make the internet a better place and would like to make it as easy as possible to report vulnerabilities. This policy provides guidelines for reporting product security issues and vulnerabilities to geo .
Disclosure Policy: If you believe you have found a security vulnerability that could impact geo, geo products or users of geo products, we encourage you to let us know as quickly as possible. We will investigate all legitimate reports and do our best to quickly fix the problem. In return, we expect you to make a good faith effort to avoid privacy violations, destruction of data, service interruption or degradation of our services. Only interact with accounts and devices you own or where you have the explicit permission of the account holder or device/system owner/operator.
If you believe you have discovered a vulnerability in a geo product or have a security related incident to report, please email us to firstname.lastname@example.org. geo requests that you give us a reasonable amount of time to resolve the reported issue before any disclosure to the public or a third-party.
geo has aligned it’s approach with that of CERT and undertakes to not subject parties conducting security research and reporting vulnerabilities in a responsible manner to potential criminal investigation and/or taking of legal action. The following activities will not benefit from this undertaking:
Information Security Officer
Dated: 22 October 2018