Vulnerability Disclosure Process
Effective date: February 27, 2026
Purpose
Endurance IT welcomes responsible security research and vulnerability reporting. This process exists to help external researchers report vulnerabilities safely and to help us remediate issues quickly and transparently.
Scope
This policy applies to Endurance IT public web properties on the enduranceitsystems.com domain and supporting information security infrastructure that we directly own and operate.
Safe Harbor
We will not pursue legal action against good-faith security researchers who follow this policy, avoid customer impact, avoid privacy violations, and promptly report findings to us without public disclosure before remediation.
How to Report
Send vulnerability reports to security@enduranceitsystems.com. Please include:
1. A clear summary of the issue and affected endpoint/system.
2. Steps to reproduce (proof of concept if available).
3. Impact assessment (confidentiality, integrity, availability).
4. Suggested mitigation, if known.
Report Quality
Clear reports in English, with reproducible steps and proof-of-concept details where possible, receive faster triage. Automated scanner-only output without context may be deprioritized.
Researcher Expectations
Please do not perform denial-of-service testing, social engineering, physical attacks, data exfiltration, or high-volume automated testing that could degrade service availability. Do not access, modify, or retain customer data.
What You Can Expect From Us
We will acknowledge receipt within 2 business days, triage the report, and provide status updates through remediation. If we validate the finding, we will work to remediate based on risk and operational impact.
Disclosure and Coordination
We ask researchers to coordinate disclosure timelines with us and avoid public release until fixes or compensating controls are in place.
Security Policy Violations
If you need to report a potential internal or external information security policy violation, you may contact us at security@enduranceitsystems.com.
Policy Updates
We may update this process from time to time. Updates are effective when posted on this page.