Responsible Disclosure Program Terms of Use
Effective Date: 5th August 2024

1. Introduction

Ocean Hubb Consulting - FZCO, also known as OceanHubb ("we," "our," or "us"), is committed to ensuring the security and privacy of our systems and the information we hold. We value the input of security researchers and others who are committed to improving our security protocols. This Responsible Disclosure Program ("Program") outlines how you can report potential security vulnerabilities to us and the terms under which such reports are handled.
By participating in this Program, you agree to comply with these Responsible Disclosure Program Terms of Use ("Terms"). If you do not agree to these Terms, please do not participate in the Program.

2. Reporting Security Vulnerabilities

2.1 Eligibility
You must be at least 18 years old to participate in this Program. By submitting a report, you represent and warrant that you meet this age requirement.

2.2 Reporting Process
If you believe you have discovered a security vulnerability in any of our systems, please report it to us by following these guidelines:

  • Email your findings to [Insert Contact Email] with the subject line "Responsible Disclosure Report."
  • Include a detailed description of the vulnerability, including the steps required to reproduce it.
  • Provide any relevant supporting materials, such as screenshots, videos, or proof-of-concept code.

2.3 Safe Harbor
When reporting vulnerabilities under this Program, we ask that you:

  • Act in good faith to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data.
  • Refrain from using any automated tools to identify vulnerabilities unless explicitly permitted by us.
  • Refrain from publicly disclosing the vulnerability prior to our confirmation and resolution.


3. Program Guidelines

3.1 In-Scope
The following types of security vulnerabilities may be considered in scope:

  • Remote code execution
  • SQL injection
  • Cross-site scripting (XSS)
  • Authentication or authorisation flaws
  • Sensitive data exposure
  • Privilege escalation
  • Any other vulnerability that could impact the security of our systems or the privacy of our users

3.2 Out-of-Scope
The following types of activities and vulnerabilities are not considered in scope:

  • Denial of Service (DoS) attacks
  • Physical attacks on our infrastructure or data centres
  • Social engineering attacks (including phishing)
  • Any vulnerability that has already been publicly disclosed
  • Reports that require extensive or sophisticated user interaction to be exploited

3.3 No Compensation
This Program does not offer monetary rewards or compensation for vulnerability reports. Your participation is voluntary, and any recognition we give you is at our sole discretion.

4. Legal Considerations

4.1 Authorisation
By reporting a vulnerability to us, you agree that you will not engage in any activity that could be construed as illegal or unethical and that you have the legal right to provide us with the information regarding the vulnerability.

4.2 No Legal Protection
Participation in this Program does not confer any legal protection to you. You are responsible for ensuring that your activities comply with all applicable laws and regulations.

4.3 Confidentiality
You agree to keep any communications and details about vulnerabilities confidential until we have had adequate time to address the issue and provide public disclosure.

5. Our Commitment

5.1 Response
We will acknowledge receipt of your report within a reasonable timeframe, typically within [5-7 business days]. We will work to assess the vulnerability and determine the appropriate actions.

5.2 Recognition
At our discretion, we may offer public recognition of your contribution, such as listing your name or alias in a "Hall of Fame" section on our website. However, we will only do so with your explicit consent.

6. General Terms

6.1 Changes to Terms
We reserve the right to modify these Terms at any time. Any changes will be posted on this page with an updated effective date.

6.2 Governing Law
These Terms shall be governed by and construed in accordance with the laws of the United Arab Emirates. Any disputes arising under or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of Dubai, UAE.

6.3 Contact Information
If you have any questions about this Program or these Terms, please get in touch with us at:

Ocean Hubb Consulting - FZCO
Dubai Silicon Oasis Free Zone
Dubai, United Arab Emirates

Email: info@oceanhubb.com