PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THIS SITE
The ACT Telecom trademark and logo may not be used without the prior written consent of ACT Telecom Pvt Limited and shall not be used in any manner that is likely to cause confusion or in any manner that disparages or discredits the Company, the logo or the Site.
All the information displayed, transmitted or carried by the Site and its related websites including but not limited to data, images, graphics, logos, icons, directories, guides, news articles, opinion, reviews, text, photographs, images, illustrations, profiles, software, audio clips, video clips, trademarks, service marks and the like, e-mail, messages posted by the user in a chat room, discussion forum or otherwise (collectively "Information") are protected by copyright, trademarks and other intellectual property laws. The Information is owned by the Company, its affiliates or third party licensors. You agree to abide by all copyright notices and restrictions that are applicable to any Information and not to alter the Information in any way. You further agree not to transfer the Information to any other person and you agree that you shall do all that may be necessary to prevent any unauthorized copying of the Information.
Except as expressly provided herein, the Company, its affiliates, subsidiaries and its suppliers do not grant any express or implied right to you under any intellectual property laws. Any other rights may be expressly granted to you by the Company in writing. All trademarks, brands and names used on this Site, including trademarks, brands and names of affiliates, co-subsidiary, co-branders, partners, advertisers, etc., are the property of their respective owners and the Company claims no right, title or interest to such trademarks, brands and names used on this Site.
At ACT, maintaining the security and integrity of our Services is a priority. We are committed to creating a safe, transparent environment to report vulnerabilities. Hence, ACT appreciates the work of security researchers in order to improve our services and their security.
If you find any security vulnerability that could impact ACT or our customers, we encourage you to report it right away. Any legitimate incident reported by you shall be investigated internally and we shall fix the problem as soon as we can. In this regard, we request you to follow ACT's Vulnerability Disclosure Policy and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research.
Scope
This Disclosure program includes all applications and services that ACT provides, including any product that ACT may provide as part of its Services.
All vulnerabilities affecting ACT should be reported by email to the Cyber Security Incident Response Team at Cybersecurity@Actcorp.in
Eligible Vulnerabilities
In order to be eligible under our Vulnerability Disclosure Policy, the following conditions need to be met:
You must agree to our Vulnerability Disclosure Policy.
You must be the first person to responsibly disclose an unknown issue.
You must submit a proper summary of the vulnerability and reproduce all the steps as may be required by ACT’s security team.
All legitimate reports will be reviewed and assessed by ACT’s security team to determine whether they are eligible.
We encourage the coordinated disclosure of the following types of vulnerabilities:
Cross-site scripting
Sensitive Data Exposure – Cross Site Scripting (XSS) Stored, SQL Injection (SQLi), etc.
Authentication or Session Management related issues
Remote Code Execution
Particularly clever vulnerabilities or unique issues that do not fall into explicit categories
Cross-site request forgery in a privileged context
Server-side code execution
Authentication or authorization flaws
Injection Vulnerabilities
Directory Traversal
Information Disclosure
Significant Security Misconfiguration
Program Exclusions
While we encourage any submission affecting all applications and services that ACT provides, including any product that ACT may provide as part of its Services, the following examples are excluded from this program:
All issues without clearly identified security impact, missing security headers, or descriptive error messages will be considered out of scope.
Your findings should be supported by clear and precise documentation with no speculative information.
All findings should have an indication of relevance and impact. We reserve our right not to act in case of findings with no real risk impact on our data integrity and security.
All researchers violating the terms of this Policy, the Terms of Service, Safety and Security and data-related documentation as well as governing law shall be treated as acting in bad faith and in an illegal manner.
We are not obliged to provide remuneration, fee or rewards for any vulnerability disclosure – such action remains in our full discretion.
Denial of Service (DoS) – Either through network traffic, resource exhaustion or others
User enumeration
Issues only present in old browsers/old plugins/end-of-life software browsers
Phishing or social engineering of ACT employees, users or clients
Systems or issues that relate to Third-Party technology used by ACT
Disclosure of known public files and other information disclosures that are not a material risk (e.g.: robots.txt)
Any attack or vulnerability that hinges on a user’s computer first being compromised
Any vulnerability obtained through the compromise of ACT customer or employee accounts.
Missing Best Practice, Configuration or Policy Suggestions.
Knowingly posting, transmitting, uploading, linking to, or sending any malware.
Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
Testing must not violate any law, or disrupt or compromise any data that is not your own.
Process
Your submission will be reviewed and validated by a member of ACT’s Cyber Security Incident Response Team. Providing clear and concise steps to reproduce the issue will help us to expedite the response.
You shall not disclose any vulnerability to any third party or to the public at large, including through any social network or public media, without prior written consent from ACT.