Purpose
YaWorks is committed to maintaining the confidentiality, integrity, and availability of its information systems.
This policy describes how external parties can report potential security vulnerabilities and how YaWorks handles such reports.

________________________________________

Reporting Information Security Incidents
Suspected vulnerabilities or information security incidents can be reported to:
Email: security@yaworks.com
Reports should include, where possible:
• A description of the observed issue
• The affected system, application, or URL
• Steps to reproduce the issue
• Supporting evidence such as logs or screenshots
________________________________________

Handling of Reports
Reported issues are handled in accordance with YaWorks’ internal information security incident management procedures.
This includes:
• Registration and classification of the report
• Assessment of potential impact and risk
• Determination and implementation of corrective actions
• Documentation of outcomes
________________________________________

Responsible Disclosure Guidelines
YaWorks requests that reporters:
• Act in good faith and avoid privacy violations or service disruption
• Limit testing to what is strictly necessary to demonstrate the issue
• Refrain from public disclosure until remediation measures have been implemented or the risk has been accepted
________________________________________

Legal Considerations (Safe Harbor)
Activities conducted in accordance with this policy and applicable law will not be considered unauthorized access by YaWorks.
This does not apply to actions that intentionally cause harm, data loss, or service degradation.
________________________________________

Communication and Disclosure
YaWorks may communicate with the reporting party regarding the status of the report, where appropriate.
Decisions regarding external disclosure are made in accordance with YaWorks’ risk management and compliance obligations.
________________________________________

Recognition
At YaWorks’ discretion and with the consent of the reporting party, responsible disclosures may be acknowledged publicly.
________________________________________

Policy Review
This policy is reviewed periodically and updated as necessary to remain aligned with applicable standards and regulatory requirements.


PGP fingerprint:
ABB7 2625 5F31 0FD5 1D38 1266 CA18 2027 819F 61A9