At Liberty Company, we value the trust our customers and partners place in us to protect their information. Security is a top priority, and we are committed to maintaining a secure environment for our website and services. This security policy outlines how we address security issues and engage with security researchers.
If you believe you have discovered a security vulnerability on our website (https://libertycompany.com/) or any of our systems, we encourage you to notify us as soon as possible. Your input is crucial in helping us ensure the safety and security of our services.
Please email your findings to our security team at security@libertycompany.com with the following information:
A clear and concise description of the issue.
Steps to reproduce the vulnerability.
Potential impact and severity of the issue.
Your contact details for further communication.
If you wish to encrypt your email, you can use our PGP public key (add link to the key if applicable).
The following are in-scope for this policy:
All domains and subdomains owned by Liberty Company (e.g., https://libertycompany.com/ and related subdomains).
APIs and backend services supporting our website.
The following are out of scope and should not be tested:
Physical security of Liberty Company premises.
Social engineering of Liberty Company employees, contractors, or customers.
Denial of Service (DoS) attacks.
Any third-party systems or services that are not under Liberty Company’s direct control.
Liberty Company is committed to ensuring that security researchers acting in good faith are not penalized for their efforts. By responsibly disclosing vulnerabilities:
You agree not to access or modify data that does not belong to you.
You will not publicly disclose the vulnerability until it has been resolved.
Liberty Company will not initiate legal action against researchers who follow this policy and act in good faith.
If any aspect of your research is unclear or could potentially violate the law, we recommend contacting us prior to engaging in testing.
When you report a security vulnerability:
Acknowledgment: We will acknowledge receipt of your report within 48 hours.
Investigation: Our security team will validate and investigate the issue.
Resolution: If the report is valid, we will work to address the vulnerability promptly. Updates will be provided throughout the process.
We strive to resolve critical issues within 30 days; however, timelines may vary depending on the complexity of the issue.
While testing, please adhere to the following:
Avoid actions that could cause a denial of service.
Do not exploit the vulnerability beyond what is necessary to demonstrate its existence.
Respect privacy and do not access or modify user data.
Notify us immediately if you encounter data belonging to others.
We request that researchers:
Provide us with adequate time to resolve the issue before disclosing it publicly.
Coordinate with our team on the timing of public disclosures.
We value and appreciate the efforts of security researchers who help make our systems more secure. With your permission, we would be happy to acknowledge your contribution on our website or in public communications.
This policy may be updated from time to time. The latest version will always be available at https://libertycompany.com/security-policy.
For questions or concerns about this policy, or to report a vulnerability, please reach out to our security team at security@libertycompany.com.