Vulnerability Disclosure Program
We have always been committed to ensuring the security and privacy of our users. We therefore recognize the importance of collaborating with security researchers and members of the broader community to identify and mitigate potential security vulnerabilities in our products and services.
Our Vulnerability Disclosure Program (VDP) is designed to encourage the responsible disclosure of security vulnerabilities in Agendrix’s systems and to facilitate the coordination of disclosure and remediation efforts.
Scope
Our Vulnerability Disclosure Program covers all systems, applications, and services owned and operated by Agendrix.
Responsible Disclosure
We encourage security researchers and individuals who discover potential vulnerabilities to report them promptly. However, we request that you provide us with enough time to investigate and address the issues reported before disclosing them to the public or third parties. We also ask that you operate in good faith and that you:
- Do not compromise the privacy or safety of our customers;
- Do not interrupt or degrade our services;
- Do not modify or access data that does not belong to you.
Types of Vulnerabilities
We encourage the responsible disclosure of any security vulnerabilities that could potentially compromise the confidentiality, integrity, or availability of Agendrix’s systems or data. This includes, but is not limited to:
- Cross-Site Scripting (XSS);
- SQL Injection;
- Server-Side Request Forgery (SSRF);
- Authentication Bypass;
- Remote Code Execution (RCE);
- Information Disclosure;
- Privilege Escalation.
Out of Scope
This Vulnerability Disclosure Program does not cover:
- Automated scanning of any kind;
- Currently known or previously reported vulnerabilities;
- Denial-of-service attacks;
- Spam/Rate-limiting issues;
- Social engineering/phishing attacks;
- Accessing non-sensitive files and directories (for example: README.txt, robots.txt, .gitignore, etc.);
- Physical security vulnerabilities;
- Email spoofing (including lack of SPF, DKIM, From: spoofing, and visually similar or related issues);
- Missing HTTP security headers;
- Vulnerabilities in third-party applications or services, even if they integrate with Agendrix’s systems.
Reporting Process
To report a vulnerability, please send an email to [email protected].
Your email should include the following information:
- A detailed description of the vulnerability, including the steps to reproduce it;
- Any relevant technical information or proof-of-concept code;
- Your contact information, including your name and email address.
Your report should clearly demonstrate impact. Always select a non-disruptive method to demonstrate the impact. If demonstrating the impact requires a disruptive approach, stop and report the issue. We will then validate the impact.
Response and Communication
Upon receiving a vulnerability report, we will send you an acknowledgment of receipt within 48 hours. We will work to verify the reported vulnerability and determine its risk based on probability, severity and impact on our systems. Once the vulnerability has been confirmed, we will prioritize resolving it based on its risk level.
We will maintain open communication with the reporter throughout the resolution process by providing regular updates on the status of the investigation and resolution.
Rewards
We will decide whether or not the vulnerability qualifies for a reward based on its probability and impact.
If the vulnerability qualifies, we offer rewards for responsibly disclosing security vulnerabilities in accordance with this program. The reward amount will be determined based on the severity and impact of the reported vulnerability. Rewards for qualifying findings range from 50 to 1000 CAD.
Conclusion
We value the contributions of security researchers and members of the community in helping us maintain the security and integrity of our systems. We are committed to promptly addressing and remedying reported vulnerabilities to ensure the ongoing protection of our users and their data.
Thank you for your cooperation in keeping Agendrix safe and secure.
Contact Information
Email: [email protected]
Website: https://www.agendrix.com/security