Responsible disclosure.
What is Responsible Disclosure?
At Fijishi, we take the security of our systems seriously and follow industry-level best practices to make our websites and apps a safe place for customers to discover and purchase products. We value the work done by security researchers in keeping the online community safe. We encourage this community to participate in a responsible reporting process in case they identify a potential vulnerability in our systems by sharing the details of the vulnerability scenario in a confidential manner as detailed below. We will work closely with them to investigate and take action swiftly to correct the issues.
Our commitment to your security.
If you would like to report a security vulnerability on any of our websites or apps, we request that you contact us immediately by sending an email to francesco.conti@fijishi.com with the details necessary to recreate the vulnerability scenario. This may include screenshots, videos or simple text instructions. If you intend to make the information public, please give us reasonable time to appropriately fix the problem before making such information public. Our security team will work with you to estimate and commit to such a time frame.
If the identified vulnerability could potentially be used to extract information about our customers or systems, or to impair our systems’ ability to function normally, then please refrain from actually exploiting such a vulnerability. This is absolutely necessary for us to consider your disclosure a responsible one. While we appreciate the inputs of white-hat hackers, we may take legal recourse if the identified vulnerabilities are exploited for unlawful gain, to get access to restricted customer or system information, or to impair our systems.
Our unwavering commitment to your data and project security.
At Fijishi, security isn’t just a policy; it’s a foundational pillar of our operations, deeply integrated into every research initiative, solution co-creation, and data interaction. As a new-age Think Tank, we understand that our reputation, and critically, your trust, hinges on the integrity and confidentiality of the insights we generate and the data we handle.
While our Responsible Disclosure program is vital for external vigilance, it is part of a much broader, proactive security framework designed to protect our systems and, by extension, your interests.
What our security commitment means for you, our partner.
- Protecting Your Confidentiality: Any data, proprietary information, or project specifics shared with Fijishi are treated with the utmost confidentiality. Our internal protocols and secure infrastructure are designed to safeguard your sensitive information in line with global best practices and relevant data protection regulations. We invite you to review our comprehensive Privacy Policy for further details on data handling.
- Securing Collaborative Solutions: Solutions and applications co-created with Fijishi, powered by our Aeterna AI, are built with security-by-design principles. Our development lifecycle incorporates rigorous security testing, code reviews, and vulnerability assessments to ensure the resilience and integrity of the technology we deploy.
- Robust Internal Security Practices: Our commitment extends beyond external reports. Fijishi maintains a dedicated internal security team responsible for continuous monitoring, regular penetration testing, and timely patching of all systems. Our employees undergo mandatory security awareness training to cultivate a culture of vigilance.
- Transparent Vulnerability Management: When a vulnerability is reported (internally or externally), our incident response team follows a structured protocol for immediate assessment, containment, remediation, and root cause analysis. Our focus is on swift and effective resolution to minimize any potential risk.
- Building Trust Through Proactive Measures: We continuously invest in advanced security technologies and methodologies to anticipate emerging threats. Our adherence to industry-leading security standards ensures that our platforms and processes are robust against evolving cyber risks, giving you peace of mind.
For customer-specific security inquiries.
While the above email is for reporting technical vulnerabilities, if you are a Fijishi client or partner and have specific security-related questions about your data, our services, or our security framework, please contact our Client Security Liaison at: security.support@fijishi.com
Your security is our priority. We are committed to fostering a secure environment that enables innovation and collaboration without compromise.
Acknowledgements
We do not have a bounty/cash reward program for such disclosures, but we express our gratitude for your contribution in different ways. For genuine ethical disclosures, we would be glad to publicly acknowledge your contribution in the Hall of Fame section on our website with your permission.