FUNDA I-DEMO

Inqubomgomo Yokudalula Ukuba Sengozini

I-SharpSpring evela ku-Constant Contact (SharpSpring) ibheka ukuphepha kwezinkundla zethu kanye nedatha yabasebenzisi bethu njengento ebaluleke kakhulu. Uma uthole noma ukholwa ukuthi uthole ubungozi bokuvikeleka obungaba khona kusevisi ye-SharpSpring, sikukhuthaza ukuthi usidalule ngokutholakele kwakho ngokushesha ngokuhambisana nalolu hlelo lokudalulwa kwe-Vulnerability Disclosure. Sicela uqaphele ukuthi Uhlelo Lokudalula Ukuba Sengozini luhlukile kunenzuzo yesiphazamisi. Uhlelo Lokudalula Ukuba Sengozini luvumela izigebengu ze-ethics ukuthi bathole futhi babike ubungozi kodwa alunikezi isinxephezelo semali. I-SharpSpring igodla ilungelo lokwamukela noma ukwenqaba noma yikuphi ukuthunyelwa.

I-Safe Harbour

Uma uthola futhi ubika ubungozi bokuvikeleka ngokuhambisana nalolu [Uhlelo Lokudalula Ukuba sengozini], sibheka lolu cwaningo njengolulandelayo:

  • Igunyazwe ngokuhambisana ne-Computer Fraud and Abuse Act (CFAA) (kanye/noma imithetho yezwe efanayo), futhi ngeke sikuqale noma sisekele izinyathelo zomthetho ngokumelene nawe ngokwephula ngephutha, ngokwethembeka ukwephulwa kwale Nqubomgomo Yokudalula Ngokuzithandela;
  • Ukhishiwe ku-Digital Millennium Copyright Act (DMCA), futhi ngeke sikulethe isimangalo sokweqa izilawuli zobuchwepheshe;
  • Ukhululiwe emikhawulweni yethu Imigomo Yesevisi lokho kungaphazamisa ukwenza ucwaningo lwezokuphepha, futhi siyeka leyo mikhawulo ngokwesisekelo esilinganiselwe somsebenzi owenziwe ngaphansi kwalolu [Uhlelo Lokudalulwa Kobungozi]; futhi
  • Kusemthethweni, kuwusizo kukho konke ukuphepha kwe-inthanethi, futhi kwenziwa ngokwethembeka.

Ulindeleke, njengenjwayelo, ukuthi uthobele yonke imithetho esebenzayo. Uma noma ngasiphi isikhathi unokukhathazeka noma ungenasiqiniseko sokuthi ucwaningo lwakho lwezokuphepha luyahambisana nalolu [Uhlelo Lokudalulwa Kobungozi], sicela usithinte ngaphambi kokuqhubeka.

Ukufaneleka

Akumele ubambe iqhaza kulolu hlelo uma ungumsebenzi noma ilungu lomndeni lesisebenzi, noma umthengisi wamanje noma isisebenzi salowo mthengisi, we-SharpSpring wanoma yiziphi izinkampani ezingaphansi kwayo. Awuvunyelwe futhi ekubambeni iqhaza uma (i) usezweni noma endaweni okuhloswe kuyo unswinyo lwase-US (okuhlanganisa i-Cuba, i-Iran, i-Syria, i-North Korea, noma isifunda sase-Crimea sase-Ukraine), (ii) esiqokwe njenge-Specially Umuntu Oqokiwe Kazwelonke noma Ovinjiwe Ihhovisi Lomnyango Wezimali Wase-US Wokulawula Izimpahla Zangaphandle noma umnikazi, olawulwayo, noma omele umuntu onjalo noma ibhizinisi, noma (iii) uma kungenjalo inhlangano enqatshelwe ngaphansi kwemithetho yase-US yokuhweba nokuthekelisa.

Inqubomgomo Yokudalula Ngokuzikhethela:

Ngenxa yokuthi ukudalulwa komphakathi kokuba sengozini kwezokuvikela kungabeka wonke umphakathi we-SharpSpring engcupheni, sidinga ukuthi ugcine ubungozi obunjalo buyimfihlo kuze kube yilapho sesikwazi ukukuxazulula. Ngakho-ke, ukudalulwa komphakathi kwemininingwane yokuhanjiswa kwanoma yikuphi ubungozi obuhlonziwe noma okusolwayo ngaphandle kwemvume ebhaliwe evela kwa-SharpSpring kuzothatha ukuthunyelwa njengokungahambisani nale Nqubomgomo Yokudalula Ukuba Sengozini. 

Ukuthola ubungozi bokuphepha

Sikhuthaza ucwaningo lwezokuphepha olunesibopho mayelana namasevisi nemikhiqizo ye-SharpSpring. Sikuvumela ukuthi wenze ucwaningo ngobungozi kanye nokuhlola kumasevisi nemikhiqizo ye-SharpSpring ogunyaze ukufinyelela kuyo. Akukho mcimbi lapho ucwaningo nokuhlolwa kwakho kuyobandakanya, ngaphandle komkhawulo:

  • Ukufinyelela, noma ukuzama ukufinyelela, ama-akhawunti noma idatha okungeyona eyakho noma abasebenzisi bakho abagunyaziwe,
  • Noma yimuphi umzamo wokulanda, ukulungisa, noma ukucekela phansi noma iyiphi idatha,
  • Ukwenza, noma ukuzama ukwenza, ukwenqatshwa kokuhlaselwa kwesevisi,
  • Ukuthumela, noma ukuzama ukuthumela, i-imeyili engacelwanga noma engagunyaziwe, ugaxekile noma ezinye izinhlobo zemiyalezo engacelwanga,
  • Ukuhlola amawebhusayithi ezinkampani zangaphandle, izinhlelo zokusebenza noma amasevisi ahlanganisa nanoma yiziphi izinsiza ze-SharpSpring,
  • Ukuthumela, ukudlulisa, ukulayisha, ukuxhumanisa, ukuthumela noma ukugcina uhlelo olungayilungele ikhompuyutha, amagciwane noma isofthiwe eyingozi efanayo, noma ukuzama ukuphazamisa noma ukwehlisa isithunzi amasevisi e-SharpSpring.
  • Noma yimuphi umsebenzi owephula noma yimuphi umthetho osebenzayo.

Ukubika Ubungozi bokuphepha kwe-In-Scope

Uma ukholwa ukuthi uthole inkinga yokuba sengozini kwezokuvikela, sicela wabelane ngemininingwane ne-SharpSpring ngokugcwalisa yethu Ifomu lokuhambisa. Sizosebenzisana nawe ukuze siqinisekise futhi siphendule ekubeni sengozini yezokuvikela osibikayo. Umbiko wakho uzodluliselwa kuzakwethu (BugCrowd) ukuze wamukelwe ngesikhathi nokuqinisekiswa. Uklonyeliswa “ngamaphuzu” ngombiko ngamunye owamukelwe ngokusemthethweni owenziwe. Kufanele ube ngumuntu wokuqala ukubika isiphazamisi ukuze uzuze wonke amaphuzu angenzeka.

Izinkinga eziqinisekisiwe zizodluliselwa emaqenjini ethu okuthuthukisa ukuze zilungiswe emugqeni wesikhathi ohambisana nobucayi benkinga (njengoba kuchazwe yi-BugCrowd Vulnerability Rating Taxonomy). {https://bugcrowd.com/vulnerability-rating-taxonomy}

Sicela ungathumeli ama-imeyili okuba sengozini ngokuqondile kubasebenzi be-SharpSpring. Ukuxhumana nge-imeyili phakathi kwakho ne-SharpSpring, okuhlanganisa ngaphandle komkhawulo, ama-imeyili owathumela ku-SharpSpring abika ukuba sengozini okungenzeka kwezokuphepha, akufanele aqukathe noma yiluphi ulwazi lwakho lobunikazi. Okuqukethwe kukho konke ukuxhumana kwe-imeyili oyithumela kwa-SharpSpring kuzothathwa njengokungekona okobunikazi. I-SharpSpring, noma iyiphi inxusa layo, ingasebenzisa lokho kuxhumana noma izinto ezisetshenziswayo nganoma iyiphi inhloso, okuhlanganisa, kodwa kungagcini nje, ukukhiqiza kabusha, ukudalula, ukudlulisa, ukushicilelwa, ukusakaza, nokunye ukuthumela.

 

Ngaphandle Kwe-Scope 

Okulandelayo uhlu oluyingxenye yezinkinga esikucela ukuthi ungazibiki, ngaphandle uma ukholwa ukuthi kukhona ubungozi bangempela:

  • I-CSRF kumafomu atholakala kubasebenzisi abangaziwa
  • Ukudalulwa kwamafayela omphakathi aziwayo noma izinkomba (isb. robots.txt)
  • Izandiso Zokuvikela Zesistimu Yegama Lesizinda (DNSSEC) iziphakamiso zokucushwa
  • Ukudalulwa kwesibhengezo kumasevisi avamile/omphakathi
  • Iziphakamiso zokucushwa kwesihloko sokuvikeleka se-HTTP/HTTPS/SSL/TLS
  • Ukushoda kwamafulegi avikelekile/e-HTTPKuphela kumakhukhi angazweli
  • Phuma kwi-Cross-Site Request Forgery (phuma ngemvume ku-CSRF)
  • Amasu obugebengu bokweba imininingwane ebucayi noma wobunjiniyela bezenhlalakahle
  • Ukuba khona kohlelo lokusebenza noma isiphequluli sewebhu 'ukuqedela ngokuzenzakalela' noma 'londoloza iphasiwedi'
  • Ukucushwa kwe-Sender Policy Framework (SPF) kanye neziphakamiso zokuqinisekisa umlayezo osuselwe kusizindalwazi, ukubika nokuhambisana (i-DMARC)

Ngokubamba iqhaza kulolu hlelo lokudalulwa kwe-Vulnerability Disclosure, uyavuma ukuthi ufundile futhi uyavumelana ne-SharpSpring's. Imigomo Yesevisi futhi Isaziso sobumfihlo, kanye ne Imigomo Ejwayelekile Yokudalula ye-BugCrowd. Esimeni sanoma yikuphi ukungqubuzana phakathi kweMigomo Yesevisi ye-SharpSpring kanye Nemigomo Ejwayelekile Yokuveza Ulwazi ye-BugCrowd, Imigomo Yesevisi ye-SharpSpring izolawula.