Vulnerability Disclosure Policy

This statement applies to www..com which is owned and operated by TaxHawk, Inc.

Introduction

At TaxHawk, Inc. we take the security of our services and the protection of our customers' data seriously. We recognize the valuable contribution of security researchers in identifying and responsibly disclosing vulnerabilities. This Vulnerability Disclosure Policy outlines the guidelines for reporting security vulnerabilities discovered in our systems and provides assurance that we will handle such reports in an ethical, prompt, and efficient manner. This program is not a public bug bounty program, and we make no offers of reward or compensation for submitting potential issues. We sincerely appreciate your commitment to improving TaxHawk software and services.

Scope

This policy applies to all internet-accessible, public-facing systems, applications, websites, and services owned or operated by TaxHawk, Inc.

Out-of-Scope

  • Social engineering
  • Phishing
  • Physical security
  • Any form of Denial of Service (DoS)

Testing Methods

TaxHawk requests that all security researchers adhere to responsible security research and ethical hacking principles, which include:

Do Not

  • Disclose any Personally Identifiable Information (PII).
  • Destroy data.
  • Degrade our services.
  • Introduce any malicious software.
  • Access, modify, delete, or exfiltrate TaxHawk data.
  • Disclose the vulnerability to any third parties without our explicit consent.
  • Engage in any illegal activities that violate federal, state, or internal laws or regulations.
  • Engage in any fraudulent activities.

Do

  • Stop testing and notify TaxHawk immediately upon the discovery of a security vulnerability.
  • Comply with applicable laws and act in good faith throughout the process.

Coordinated Disclosure Policy

TaxHawk is committed to patching reported vulnerabilities in a timely manner. The premature disclosure of a vulnerability before a patch can be implemented increases risk. Therefore, TaxHawk requests that security researchers wait ninety (90) calendar days and obtain written permission from TaxHawk before publishing a discovered vulnerability. A well-coordinated disclosure will reduce risk for TaxHawk and its customers while meeting the objectives of the security researcher.

TaxHawk Commitment

  • TaxHawk commits to being as transparent as possible with security researchers during the remediation process.
  • TaxHawk will make its best effort to meet the following Service Level Agreement (SLA) for a reported vulnerability.
    • First Response – 2 days*
    • Time to Triage – 2 days from first response*
    • Time to resolution – aligned to severity, impact, and complexity of the resolution.
    *Business days (Monday-Friday). Time is paused when TaxHawk is awaiting a response from a security researcher.
  • The TaxHawk security team will investigate the reported vulnerability promptly and, if necessary, request further information or clarifications from the researcher.

Safe Harbor

  • If TaxHawk determines the security researcher has made a good faith effort to comply with this policy during their security research, TaxHawk will consider the research to be authorized. We will work with the security researcher to understand and resolve the issue quickly. We will not recommend or pursue legal action related to the researcher's work. Should legal action be initiated by a third party against the researcher for activities that were conducted in accordance with this policy, we will make this authorization known.

Monetary Compensation

TaxHawk does not offer monetary compensation for vulnerability reports. Security researchers who submit claims waive any claims to compensation of any kind now or at any later date. However, TaxHawk may acknowledge individuals who report valid vulnerabilities in our systems through other suitable means, subject to the security researcher's approval.

Policy Updates

TaxHawk reserves the right to update or modify this Vulnerability Disclosure Policy at any time. Any changes will be effective immediately upon posting the updated policy on our website.

Thank you for helping us improve the security of our systems. Your contributions are highly valued, and we appreciate your commitment to responsible disclosure.

TaxHawk, Inc.
security@.com

Declaración federal gratuita para todos

Inicia declaración del 2025