Welcome to acre security's Security Center

At acre security, safeguarding the physical and digital realms stands as our unwavering commitment. Our seasoned teams are dedicated to fortifying security throughout our product suite, a mission that thrives on collaboration. We highly value insights from customers, partners, industry aficionados, and end-users alike.

This page serves as your go-to resource for reporting security vulnerabilities within acre solutions or technologies. Upon your report, our diligent team will swiftly engage in the identification, analysis, and mitigation of known vulnerabilities, guiding you through actionable steps to manage security risks efficiently.

For comprehensive details and guidance on utilizing the acre Security Center, please refer to the sections below.

Disclosure Policy

Acre Security’s Responsible Disclosure Policy

Our purpose is to eliminate your risk with our expertise and experience - and we do this by helping you manage your security data, we Guarantee regulation and compliance, and we secure what matters to you most. Achieving this promise hinges on our capability to deliver secure products, services, and online experiences.

Acknowledging the critical role of the security community, we encourage open dialogues and partnerships with security researchers and other experts in the field.

Should you discover a security vulnerability potentially impacting acre security, our clientele, or our end-users, we urge immediate notification. Rest assured, all legitimate reports receive our full attention and investigation.

We are grateful for your contributions towards safeguarding our clients, users, and organizational integrity.

Scope

All acre security products, services, and websites are included within this scope. It's important to note that testing outside this scope, particularly on third-party products or services, is not authorized by us. Any vulnerabilities found in third-party offerings should be reported directly to the respective vendor.

Reporting Vulnerabilities

To report a vulnerability, kindly use the submission form provided below.

Disclosure Practices

• acre security adheres to the industry-standard practices of coordinated and responsible vulnerability disclosure. We request that reporters do the same by permitting acre security time to address vulnerabilities. This also includes allowing us to inform our affected customers and users prior to any public disclosure or sharing of the vulnerability with third parties.
• acre security will publicly disclose product security advisories via https://acresecurity.com/security-center and/or through direct communication with impacted customers.

Safe Harbor Declaration

Acre security champions the belief that well-intentioned security research deserves safe harbor. In alignment with this belief, acre security will not pursue legal action against individuals who conduct security research in good faith, adhere to all relevant laws, and follow the guidelines outlined in this policy.

Expectations

• Engage in good faith to avoid causing harm to acre security, our customers, and end-users. This includes avoiding privacy violations, data destruction, and service interruptions or degradation.
• Refrain from attempting unauthorized access to acre security offices, data centers, or user accounts.
• Avoid testing methods such as spam, phishing, social engineering, or intentionally causing denial of service disruptions to acre security services.
• Do not attempt to access the premises, data centers, or accounts of our customers or end-users without expressed permission from the system owner.
• Comply with all applicable legal and regulatory requirements, avoiding actions that compromise or distribute data not owned by you, or further exploiting confirmed vulnerabilities.
• Limit data access to the minimum necessary to demonstrate a proof of concept if a vulnerability inadvertently grants data access. Following validation by acre security, ensure proper disposal of all data copies.

Ensuring the security of our community and products remains a top priority at acre security. By reporting vulnerabilities through approved channels, you play a crucial role in our collective cybersecurity efforts.