Vulnerability Disclosure Policy

Mimic Networks, Inc. (Mimic) is committed to ensuring the security of our products and services and protecting the trust our customers place in us. This policy is intended to provide clear guidelines for conducting vulnerability discovery activities and to outline our preferences for reporting any discovered vulnerabilities to us. We encourage all security researchers to report potential vulnerabilities in our systems.

Authorization

Mimic will not take legal action against security researchers who act in good faith and comply with this policy. We will consider your research authorized and will work with you to resolve the issue promptly. Should any third party initiate legal action against you for activities conducted in compliance with this policy, we will make our authorization known to help protect you.

Scope

This policy applies to all products and services offered by Mimic. If you are unsure whether a system is in scope, please contact us at security+vdp@mimic.com before beginning your research.

Test Methods

Under this policy, “research” means:
  • Notifying us as soon as possible after discovering a real or potential security issue.
  • Avoiding privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
  • Only using exploits to confirm the presence of a vulnerability. Do not use an exploit to access or exfiltrate data, establish persistent access, or pivot to other systems.
  • Stopping testing immediately if you encounter sensitive data and notifying us without disclosing the data to anyone else.

The following test methods are not authorized:
  • Network DoS/DDoS attacks, social engineering, or physical security testing.

Reporting a Vulnerability

If you believe you have found a security vulnerability, please report it by emailing security+vdp@mimic.com. Information submitted under this policy will only be used for defensive purposes to mitigate or remediate vulnerabilities.

When reporting a vulnerability, include the following information:
  • Name of the affected product or service
  • Description of the vulnerability and its impact
  • Steps to reproduce, including proof of concept or screenshots

What You Can Expect from Us

  • We will acknowledge receipt of your report within 3 business days.
  • We will confirm the existence of the vulnerability and keep you informed of our remediation efforts.
  • We will coordinate with you on disclosure timelines and provide credit for your contributions.
  • We will remain transparent about the progress, including any challenges or delays in resolving the vulnerability.

Safe Harbor

Mimic will not pursue legal action against security researchers who comply with this policy. Should third-party legal action be initiated against you, Mimic will make this authorization known to support you.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes through our website or other appropriate channels.

Contact Us

If you have any questions about this policy or wish to report a security vulnerability, please contact our security team at security+vdp@mimic.com.