EDAS Conference Services (EDAS), a provider of services for scientific conferences, is committed to ensuring the security and privacy of our users. Towards this end, EDAS is now formalizing our policy for accepting vulnerability reports in our service. We hope to foster an open partnership with the security community, and recognize that the work the community does is important in continuing to ensure safety and security for all of our ussers. We have developed this policy to both reflect our corporate values and to uphold our legal responsibility to good-faith security researchers that are providing us with their expertise.

Scope

EDAS Vulnerability Disclosure Program initially covers the following sites: https://*.edas.info

Researchers that submit a vulnerability report to us, once accepted and validated by our product security team, will be given full credit on our website.

Legal Posture

EDAS Conference Services will not engage in legal action against individuals that submit vulnerability reports through our vulnerability reporting mechanism. We openly accept reports for the currently listed EDAS sites. We agree not to pursue legal action against individuals who:

How to Submit a Vulnerability

To submit a vulnerability report to the EDAS Security Team, please use the help form.

Report Acceptance Criteria

We will use the following criteria to decide whether or not to accept the report. Report declines mean that the report was not of sufficient quality or was out of scope.

What we would like to see from you:

What you can expect from us:

Versioning

This document was created 05-March-2019. Any updates will be noted below in the version notes.