Responsible Disclosures.

Updated August 7, 2024

Fullsteam Software Holdings LLC DBA netPark Software (“Company”) is providing this service to help ensure a safe and secure environment for all users.

If external parties find any sensitive information, potential vulnerabilities, or weaknesses, please help by responsibly disclosing it to ResponsibleDisclosure@fullsteam.com.

This policy applies to netPark hosted applications and to any other subdomains or services associated with products. netPark does not accept reports for vulnerabilities which solely affect marketing websites (https://www.netpark.us/), containing no sensitive data.

Security researchers must not:​

  • engage in physical testing of facilities or resources,

  • engage in social engineering,

  • send unsolicited electronic mail to netPark users, including “phishing” messages,

  • execute or attempt to execute “Denial of Service” or “Resource Exhaustion” attacks,

  • engage in social engineering,

  • introduce malicious software,

  • execute automated scans or tools that could disrupt services, such as password guessing attacks, or be perceived as an attack by intrusion detection/prevention systems,

  • test in a manner which could degrade the operation of netPark systems; or intentionally impair, disrupt, or disable netPark systems,

  • test third-party applications, websites, or services that integrate with or link to or from netPark systems,

  • delete, alter, share, retain, or destroy netPark data, or render netPark data inaccessible, or,

  • use an exploit to exfiltrate data, establish command line access, establish a persistent presence on netPark systems, or “pivot” to other netPark systems.

Security researchers may:​

  • View or store netPark nonpublic data only to the extent necessary to document the presence of a potential vulnerability.

Security researchers must:​

  • cease testing and notify us immediately upon discovery of a vulnerability,

  • cease testing and notify us immediately upon discovery of an exposure of nonpublic data, and,

  • purge any stored netPark nonpublic data upon reporting a vulnerability.

Thank you for helping to keep netPark and our users safe!