Vulnerability Disclosure Policy

LAST UPDATED: April 23, 2024
Security is the top priority at HEROIC, as our mission is to intelligently protect the world’s information. By 2020 there will be over 50 billion devices and web applications connected to the cloud, with HEROIC leading the charge to secure those resources. Beyond securing the technology of our clients and our own products, we also work hard to find and remediate vulnerabilities that affect the masses. In accordance with our mission, we have adopted the following vulnerability disclosure policies for the products and services that we work with.

HEROIC adheres to a 90-day disclosure deadline.

We notify vendors of vulnerabilities immediately, with details shared publicly with the defensive community after 90 days, or sooner if the vendor releases a fix. We’ve chosen a deadline standardized by many of the largest technology companies in the world and feel it’s reasonably calibrated for the current state of the industry.

  • Weekends and holidays. If a deadline is due to expire on a weekend or US public holiday, the deadline will be moved to the next normal work day.
  • Grace period. We have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch. Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed (2 weeks+).
  • Solutions. We will use our resources as much as possible to work with companies to help them provide fixes to users in a reasonable time.
  • Assignment of CVEs. CVEs are an industry standard for uniquely identifying vulnerabilities. To avoid confusion, it’s important that the first public mention of a vulnerability should include a CVE. For vulnerabilities that go past deadline, we’ll ensure that a CVE has been pre-assigned.

We reserve the right to bring deadlines forward or backward based on extreme circumstances, and we are committed to treating all vendors equally. We also expect to be held to the same standard when we find vulnerabilities in our own software. Our objective is to help reduce the number of people harmed by targeted attacks, and we believe these policies are in line with our mission of intelligently securing the world’s information.
