Responsible Disclosure Policy

In this policy, references to “Glasswall”, “us”, “we” and “our” mean Glasswall Ltd., a privately held company.

Glasswall was founded on the ideology that every file should be trusted, and we believe that companies and individuals should have the freedom to access and use technology in a safe and consistent manner.

We advocate transparency within the security industry, with a willingness and desire to share information with one another, creating a secure digital world for us all to enjoy.

Glasswall is committed to engaging positively with the research community that protects our company and customers. Therefore, we actively encourage anybody that has identified a vulnerability to work with us so that we can maintain the integrity, functionality, and confidentiality of our software.

The terms below apply to any website, application, or service distributed by or hosted by Glasswall.

Please use the form below OR the email address [email protected] to alert us to:

  • Vulnerabilities or breaches in our software or environments which threaten the confidentiality, integrity or availability of our data, software, or services, or our customers’ data
  • Applications that mimic, mislabel, misdirect, or “copycat” Glasswall, or phishing attacks even if they do not originate from Glasswall sources
  • Written or verbal discussion, activities, or data in any public forum which you believe constitutes a threat to Glasswall, our employees or our customers

Disclosing a security concern to Glasswall

When contacting us to provide a disclosure, you agree to the terms of our Privacy Policy and that we can use the information you provide to ensure the integrity, security, and reliable functionality of our technology and business.

If you are uncomfortable sending any of the following content by email, you may mask or redact sensitive content.

Your submission should contain:

  • Clear, descriptive summary of the vulnerability with accurate evidence (logs, screenshots, responses or other evidence).
  • Include date of first discovery
  • Tools involved with the discovery of the vulnerability.
  • Detailed steps on how to reproduce the issue.
  • Platform details including IP addresses, vulnerable endpoints, services etc.
  • Personal assessment of exploitability, or the inherent risk of the issue.
  • Your contact details (If you are not comfortable, please anonymise using the form here).

Responsibilities

DO:

  • Provide a detailed and complete submission
  • Be sure to include your contact information so that Glasswall can communicate as necessary
  • Be specific and detailed
  • Treat the vulnerability report and any vulnerability as confidential information and not divulge to any third person (except disclosure to Glasswall) any such information until public disclosure is mutually agreed upon with Glasswall
  • Report vulnerabilities in a vendor we integrate with or leaks of Glasswall customer data

DO NOT:

  • Do not break international, federal, state or local laws
  • Put Glasswall data, employees or customers at risk
  • Do any unsolicited testing that would result in a denial of service (DoS), attempt at physical access, or anything that could be considered social engineering against Glasswall employees

Glasswall’s response

Glasswall has measures in place to ensure that reports of this nature are treated with high importance, and can be responded to quickly and effectively. Glasswall commits to responding to credible vulnerability disclosures that provide the required information within 48 business hours.

We will not respond to:

  • Hoaxes or anonymous reports.
  • Reports that are generic or lack evidence to be verified.
  • Reports that bear no relevance to Glasswall as a company, its technologies, or its employees or customers.
  • Reports that are non-actionable.

Recognition

Glasswall believes in coordinated disclosure with regard to vulnerabilities that have been reported to us and fixed. We expect professional conduct and will seek to agree on reasonable timelines for updates and coordination with security researchers and others who may report vulnerabilities.

While we will work diligently to address vulnerabilities, we will work with you to set expectations on timeline for fixing a vulnerability and do not adhere to specific windows of time for fixes, or updates to the person who filed the report. We will disclose publicly alongside anyone who makes a report that helps us ensure our technologies, data, and employees are secure. At this time, we do not have a formal bug bounty program, but each submission will be reviewed on an individual basis in context to severity.

Please click here  to report a vulnerability or information about any other relevant security issue.

Thank you for helping keep Glasswall secure!

We appreciate the efforts of the global security research community who work to identify vulnerabilities and collaborate with organizations like ours to create a fix and communicate responsibly to affected parties.

What is Glasswall CDR?

Embedded Engine

CDR Platform

Solutions

REST APIs

Email Security

Threat Intelligence

Plug-ins

CDS Plug-in

ICAP Plug-in

Menlo Plug-in

Palo Alto Plug-in

apps

Apps

Clean Room

Desktop

Why CDR?

We believe people should be free to open their files without fear. Glasswall CDR takes a proactive approach to automatically remove all Zero-day threats from files, without sacrificing productivity.

Use Cases

Secure Email

File Uploads and Downloads

Malware Risk Removal

Metadata Removal

Cybersecurity Crisis Response

Cybersecurity Crisis Prevention

Cloud Native Integrations

Data Migrations

SDK Integration

Resource Library

Blog

Events

support lines

Support

Glasswall CDR Portfolio

Reactive cybersecurity is failing - it’s time for a better way. Traditional detection-based security methods play catch up with new threats. Find out how your organization can take a proactive approach to cybersecurity.

strategic alliances

About our Partner Program

Our Partners

Become a Partner

Bringing File-based threat protection to your customers

Offer a richer security portfolio with the most agile CDR platform on the market. Stand out from the competition with a partner program built for you. Let’s make files safer together.

About Glasswall

Our People

Careers

communication

Contact Us

support lines

Support

Raising the bar on file security

We believe people should be free to open their files without fear. To click on anything without risk of catastrophe. To use systems the way they were meant to be used. That’s why we’re raising the bar on file security at Glasswall.