Fieldpine Contact Details
All enquiries -
support@fieldpine.com
Responsible Disclosure
We take security problems in our software very seriously. You may contact us with security
problems within the guidelines below.
Guidelines
Security researchers are required to:
- Make every effort to avoid disruption or degradation to customer or production systems.
- Hold any personal or confidential data secure and not disclose exact details obtained.
- Grant us, and any affected retailer, a reasonable timeframe to address the problem.
- Not share details of the vulnerability until we have had time to investigate.
- Perform security research only within the scope detailed below.
If you follow these guidelines, we commit to:
- Not pursue legal action from Fieldpine against you.
- Liaise with the retailer involved (if applicable) and encourage them to follow this policy also.
Most Fieldpine systems are running behind firewalls and do not expose themselves to the internet
directly. These systems are owned and managed by third parties. Fieldpine cannot legally control these
third parties and any actions they may undertake against you.
Scope
- Fieldpine POS (Windows checkouts)
- Global Data Server
Out of Scope
- Physical testing of the environment
- Social engineering testing
- Network vulnerabilities (DoS/DDoS/MITM etc.)
How to Report a Security Vulnerability
In the first instance send an email to support@fieldpine.com with "Security Disclosure" clearly showing
in the subject line. Your email will be passed to the relevant team.
Under NO circumstances should you email us credit card data.
Staff Members and Checkout operators
If you work for a business using the Fieldpine POS system and discover a vulnerability we encourage
you to report it to us.
We undertake not to report your details to your employer, subject to:
- That you discovered or observed the vulnerability in the normal course of your work
- That you did not use tools you would not normally use in your job and did
not undertake a systematic process to try to discover issues
- That you have not intentionally caused large scale damage or damage that compromises
information.
- That your employer does not compel us to advise them of this information. We will resist
disclosure but cannot avoid it in all circumstances.
©2016
Fieldpine Developments Ltd