At ScienceLogic, we are committed to safeguarding our customers’ information and ensuring the security of the software and services we deliver. We encourage responsible disclosure procedures for reporting any issues to maintain the integrity of our systems.

Scope

This policy pertains to the following domains and their associated subdomains:

Furthermore, the scope extends to all products or services listed on our official platform pages:

Scope Exclusions

Any product or service not explicitly listed on our approved product or service listing is deemed out of scope. Additionally, the following are not considered valid for scope:

  • Missing HTTP Headers
  • Vulnerabilities for End-of-Life products
  • Version enumeration via web banners or headers
  • Clickjacking/Tab nabbing
  • SPF, DMARC, or DNSSEC misconfiguration issues

Reporting Vulnerabilities

Vulnerability reports may only be submitted through our dedicated ingestion form, accessible at the bottom of this page. Submissions will undergo review to validate findings and ensure they are not duplicates or already known issues.

Rules of Engagement / Noncompliance

Public disclosure of vulnerability submission details without written consent from ScienceLogic constitutes noncompliance with this Responsible Disclosure Policy. We expect security researchers to adhere to the following rules to mitigate potential risks to our and our customers’ data:

  • Refrain from physical attacks
  • Avoid activities that could compromise data availability, integrity, or loss
  • Do not engage in Denial-of-Service (DoS/DDoS) attacks
  • Abstain from social engineering against ScienceLogic employees or customers
  • Do not submit reports regarding vulnerabilities for vendors or products we do business with
  • Avoid using tooling that may cause a surge in network traffic
  • Do not attempt brute force credential attacks