Corporate Visions

Responsible Disclosure Security Program

At Corporate Visions, we are committed to the security of our systems and the protection of our customer data. We value the vital role that independent security researchers play in this ecosystem. If you have discovered a security vulnerability in one of our systems, we appreciate your help in disclosing it to us in a responsible manner.

This policy outlines our guidelines for reporting vulnerabilities and our commitment to working with the security community.

Our “Safe Harbor” Commitment

We consider security research conducted under the guidelines of this policy to be authorized, welcome, and “in good faith.” We will not pursue or support any legal action against you for your research or for reporting a vulnerability based on this policy.

We commit to:

  • Acknowledging your report promptly.
  • Working with you to understand and validate your findings.
  • Not pursuing legal action for any research that adheres to this policy.

How to Report a Vulnerability

Please share the details of any suspected vulnerability with our security team by emailing:

security-disclosures@corporatevisions.com

To help us validate and triage your report, please include the following:

  • A clear description of the vulnerability and its potential impact.
  • Detailed steps to reproduce the issue, including any URLs, code snippets, or screenshots.
  • Your contact information (if you would like to be acknowledged).

For sensitive reports, we strongly encourage you to encrypt your communication using our PGP key, which can be found here.

Rules of Engagement

To remain in compliance with our policy and “Safe Harbor” commitment, follow these rules:

  • Make a good faith effort to avoid privacy violations, data destruction, and any disruption to our services (including DoS/DDoS attacks).
  • Do not access, modify, or delete any data that does not belong to you.
  • Do not engage in social engineering (e.g., phishing, vishing) of our employees or customers.
  • Do not use automated vulnerability scanners that produce excessive network traffic.
  • Provide us a reasonable amount of time to fix the vulnerability before making any information public.

Scope

This policy applies to all public-facing assets and services owned by Corporate Visions.

In Scope:

  • *.corporatevisions.com
  • *.truvoice.io
  • *.vplaybook.com
  • *.primary-intel.com

Out of Scope:

  • Third-party services or vendors used by Corporate Visions (unless the issue is a result of our misconfiguration).
  • Our corporate social media or marketing pages hosted on third-party platforms.
  • Any vulnerability reports related to spam, missing DNS security headers (e.g., SPF, DKIM), or “self” XSS (users attacking themselves).

What to Expect From Us

After you submit a report, we will make our best effort to:

  1. Acknowledge receipt of your report within 2 business days.
  2. Provide an update on our initial triage and validation within 5 business days.
  3. Keep you informed of our remediation progress.
  4. Notify you when the vulnerability has been fixed.

Acknowledgments

We believe in recognizing the valuable work of security researchers. Unfortunately, we are currently unable to offer monetary bounties.

Thank you for helping us keep Corporate Visions and our users safe.