Security Breach

Security breaches and bug resolution Policy

We at Olive Innovations Ltd take security very seriously, and investigate all reported vulnerabilities. Our customers privacy and security is of the highest importance to us, therefore if you discover a vulnerability within any of our platforms or applications we want to know as soon as possible.

Reporting Process

If you find a vulnerability in our platforms we would like to work with you to understand the issue, the scope of the impact so that we can deliver a resolution as soon as possible, therefore we greatly appreciate it if you could follow the following process:

Report the vulnerability by emailing us at security@oliveinnovations.com

In your email include the following information

  • Type of issue, i.e. replay attack, sql injection, cross-site scripting, remote command access, gaining access to a secure system (database, web server), bypass of authentication
  • Product/service affected and version number
  • Step-by-step instructions to recreate the issue
  • Proof of concept/exploit code
  • Impact of issue, how the attacker could use this and what effect of attack/bug

How we handle the report

Once a report has been submitted, we at Olive Innovations will respond to the report within 24 hours to confirm receipt of the report and that we are looking at it, if you do not receive a response within 24 hours please send a follow up email urgently.

  • We will immediatly start the process of confirming the vulnerability and impact to our users, possibly liasing further with the reporter to ensure we fully understand the issue.
  • We will not publicly disclose the vulnerability until our investigation is completed and we have confirmed that a vulnerability exists.
  • As soon as we have confirmed the vulnerability we will start the process of developing a fix and provide the reporter an estimated date for delivery of a fix.

We would greatly appreciate that until such time we have confirmed the vulnerability that it is not disclosed publicly.

Our notification to customers

As soon as we have confirmed a vulnerability we will notify our customers, the timescales for notification are as follows:

  • If the issue is with our cloud services and a fix will not be implemented within 48 hours of verification, we will email all customers immediately informing them that vulnerability has been reported and we are working on a fix with an expected delivery date and a brief description of the issue (but we will not include the details of how to exploit the vulnerability).
  • If the issue is with our cloud platform and a fix is implemented within 48 hours, we will notify all customers of the vulnerability and that a resolution has been implemented.
  • If the issue is with an application supplied by us where a customer has installed locally we will inform all customers of the application vulnerability, the version of the software and advise immediate upgrade.

Acknowledgement and thank you

Our services are complex, we have made every effort to ensure that our platforms and application are secure, we appreciate that by reporting vulnerabilities to us you are helping us and our users keep systems secure.

We really appreciate this, we are transparent in our security and work, therefore if you report an issue to us and agree we would like to give thanks to you for reporting security vulnerabilities to us and working with us to fix them.

Last Updated 31 December 2017