Your next Airmeet webinar is on the house.
Host for Free
Host Login
Attend an Event
Book a Demo

Responsible Disclosure Policy

We are a global compliant company and take the security of our products and services very seriously. Despite stringent quality standards for the security of these systems, it may occur that there still is a vulnerability that slipped through the cracks of our quality assurance processes.

If you have discovered any vulnerability in the Airmeet platform, please submit it to our vulnerability disclosure program hosted by BugBase.

Visit BugBase

Airmeet takes the security of its products and services very seriously. We believe responsible disclosure of any security vulnerabilities identified by security researchers is an essential part of that commitment to ensure stringent quality standards for the security of these systems. This Responsible Disclosure Policy (“Policy“) is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us. Responsible disclosure requires mutual trust, respect, and transparency between all members of the security community.

If you believe you have found a real or potential security vulnerability in any Airmeet-owned software or source code, then please report it to us as soon as possible at [email protected]. We would like to work with you to protect our customers and our systems in a better way.

We will acknowledge receipt of your vulnerability report as soon as possible. In case your vulnerability report is a ‘valid issue’ then we will strive to send you regular updates about our progress.

If you are curious about the status of your disclosure please feel free to email us again at the above-mentioned e-mail address. If for some reason you do not receive a response within a reasonable time from us then please follow up via email to ensure we received your original message.

  • Disclosure Process
  1. Please always ensure to avoid any privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
  2. Please only use exploits to the extent necessary to confirm the presence of any real or potential security vulnerability and do not use an exploit to compromise or exfiltrate data, establish persistent command-line access, or use the exploit to pivot to other systems.
  3. Please do not report any security vulnerabilities through public channels or to any third parties without our prior written consent, instead, please report them to the Airmeet Security Team at [email protected].
  4. We prefer all communications to be in English. Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
  • Type of issue (e.g. Remote Code Execution (RCE), Server-side request forgery (SSRF), SQL injection, cross-site scripting, etc.);
  • Full paths of (source) file(s) related to the manifestation of the issue;
  • When applicable, the location of the affected source code (tag/branch/commit or direct URL);
  • Any special configuration required to reproduce the issue;
  • Step-by-step instructions to reproduce the issue;
  • Impact of the issue, including how an attacker might exploit the issue this information will help us triage your report more quickly.

 

Please do not submit a high volume of low-quality reports on security vulnerabilities.

  • Rules of Engagement

Please DO NOT disclose the vulnerability until we have been able to correct it. See below for possible publication.

  • Do not exploit the vulnerability by unnecessarily copying, deleting, adapting or viewing data. Or, for example, by downloading more data than is necessary to demonstrate the vulnerability.
  • Do not apply the following actions:
    • Placing malware (virus, worm, Trojan horse, etc.);
    • Copying, modifying, or deleting data in a system;
    • Making changes to the system;
    • Repeatedly accessing the system or sharing access with others;
    • Using automated scanning tools; (e.g. Nuclei, Zap, Burpscan Report, etc.)
    • Using the so-called “brute force” of access to systems;
    • Using denial-of-service or social engineering (phishing, vishing, spam, etc.).
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications.
  • Immediately erase all obtained/exfiltrated data as soon as it is reported.
  • Do not perform actions that could have an impact on the proper functioning of the system, both in terms of availability and performance, but also in terms of confidentiality and integrity of the data.

 

Acts under this Responsible Disclosure Policy should be limited to conducting tests to identify potential vulnerabilities, and sharing this information with Airmeet. If, after the vulnerability has been removed, you may publish information about the vulnerability on social platform or in public or to any third party, only with our prior written approval by notifying us at least one month in advance. Hence, you can identify us in public or before any third party only after giving our explicit written approval.

If you have any questions, we encourage you to address them to the Airmeet Security Team at [email protected]. In case of doubt about the applicability of this Policy, please contact us first via the above-mentioned e-mail address, to ask for an explicit permission.

Airmeet reserves the right to change the content of this Policy from time to time or to terminate the Policy at any time.

Acknowledgements

We are not offering cash rewards for any vulnerabilities. If your submission is valid, we will send you “Airmeet Swags” as a token of appreciation. 

About Us
Careers
Get in touch
Join our community
Become our partner
Media Kit
Security & Compliance
Responsible Disclosure

Platform

Event Experience Cloud
AirStudio
AX360
AirControl
AirIntel
AirCare
Pricing
What's new
Integrations

Solutions

Industries
Education
IT & SaaS
VCs & Accelerators
Communities
Startup Program
Use cases
Job fairs
Award ceremonies
Conferences
Hybrid

Resources

Events
Blogs
eBooks
FAQs
Customer stories
Knowledge base
Event Checklist
Virtual Events Guide
Virtual Conference Guide
What are Hybrid Events?
Virtual Event Statistics
Airmeet Creator Studio
Event Planning Checklist
What is a Webinar

Support

[email protected]

24×7 Support Lounge

Mobile Apps
Request a Demo
About Us
Careers
Get in touch
Join our community
Become our partner
Media Kit
Security & Compliance
Responsible Disclosure
AirStudio
AX360
AirControl
AirIntel
AirCare
Pricing
What’s new
Integrations
Industries
Education
IT & SaaS
VCs & Accelerators
Communities
Startup Program
Job fairs
Award ceremonies
Conferences
Hybrid
Startup Program
Events
Blogs
eBooks
FAQs
Customer stories
Knowledge base
Event Checklist
Virtual Events Guide
Virtual Conference Guide
What are Hybrid Events?
Virtual Event Statistics
Airmeet Creator Studio
Event Planning Checklist

Support

[email protected]

24×7 Support Lounge

Mobile Apps
Terms
Privacy
Cookie Policy
Status
© 2023 Airmeet Inc. or its affiliates, all rights reserved.
Connect with us on
Facebook Twitter Linkedin Youtube Instagram

The Airmeet Event Experience Cloud is the only all-in-one virtual and hybrid event platform for unlimited connection with anyone, anywhere, anytime. Deliver engaging, dynamic, rewarding experiences that your attendees will remember forever.

Explore
AirStudio

Create one-of-a-kind, branded event experiences

AirControl

Manage multiple event workflows from one powerful dashboard

AX360

Connect attendees together in more meaningful ways

AirIntel

Gain insights to help drive more revenue and conversions

AirCare

Tap into 24/7 support, helpful onboarding, and white glove services

What’s New!

The latest features, enhancements and updates to Airmeet

Events can open the door to more connection, and more growth. Discover why Airmeet
is the #1 virtual and hybrid event platform, and how we can help you host events your attendees will never forget.

Read More
Webinars

Craft meaningful conversations

Workshops & Trainings

Host interactive events that inspire your audience

Community Meetups

Engage your community around the year

Product Launches

Leave a lasting impression in the market

Conferences & Summit

Deliver highly customizable events experiences at scale

Hybrid Events

Bring the best of in-person and virtual events together

Tradeshows & Expos

Showcase a world-class exhibition to your buyers

Award Ceremonies

Host a grand reception for your rockstars

Townhalls & Kickoffs

Engage your co-workers with interactive experiences

Job & Talent Fairs

Make an impact with your next recruiting event.

Hackathons

Organize team events that inspire innovation

Pricing

Customers

Case Studies

Stories about customers who have hosted succesful evennts on Airmeet

Testimonials

Hear what customers have to say about Airmeet

Blogs

Guides, FAQs, updates & more from Airmeet

Events

Events curated by Airmeet, keeping you in mind

eBooks

Deep dive into Airmeet’s favorite topics

Group Sales Demo

Get a live, no-strings-attached demo of Airmeet.

Partnership Program

Join our Channel Partnership Program to expand your offering and grow revenue.

Looking to reinvent your events and transform your business? Join marketing leaders as they unpack their integrated Event-led Growth Strategies. It’s down-and-dirty info and frameworks you wish you knew yesterday.
Register Now
Your GTM is yet to catch up with the changes in your buyer’s behavior. Say hello to Event-led Growth. It puts Events at the center of your GTM calendar and real connections at the center of your Growth Strategy.
Explore

Book a Demo