Vulnerability Disclosure Policy

Betacom Inc

April 3, 2025

Introduction

Betacom is dedicated to maintaining the highest standards of cybersecurity and protecting the sensitive information of our clients and partners. As part of this commitment, we have established this Vulnerability Disclosure Policy (VDP) to provide security researchers with a clear and consistent process for reporting security vulnerabilities in Betacom’s systems.

This policy outlines the scope of authorized security research, how to submit vulnerabilities, and the expectations for responsible disclosure. We encourage the security research community to engage with us in identifying and resolving potential vulnerabilities so that we can ensure a safer and more secure digital environment.

We value collaboration with security researchers and appreciate your efforts in helping us identify security flaws before they can be exploited.

Authorization

Betacom encourages security researchers to conduct vulnerability research in good faith, following the guidelines outlined in this policy. If your research aligns with these guidelines, Betacom will consider it authorized and will not pursue legal action. We are committed to working with researchers to resolve identified vulnerabilities and will support your efforts to improve the security of our systems.

Guidelines

Researchers are expected to follow these guidelines when testing Betacom’s systems:

  • Notify Betacom as soon as you discover a real or potential security issue.
  • Avoid any actions that could harm privacy, degrade user experience, disrupt production systems, or compromise data.
  • Use exploits only to confirm the presence of a vulnerability, without causing further harm or accessing sensitive information.
  • Provide Betacom with a reasonable amount of time to address the issue before disclosing it publicly.
  • Do not submit a high volume of low-quality reports.
  • Immediately cease testing and notify Betacom if you encounter sensitive data such as personally identifiable information (PII) or proprietary information.

By adhering to these guidelines, you help us maintain a secure environment for all users.

Test Methods

The following test methods are not authorized under this policy:

  • Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks.
  • Physical testing, including attempts to gain unauthorized access to facilities (e.g., tailgating).
  • Social engineering tactics, such as phishing, vishing, or impersonation.
  • Any non-technical methods that could disrupt or harm Betacom’s systems or users.

We ask that all security testing be conducted responsibly and with the utmost respect for our users and systems.

Scope

This policy applies to the following systems and services operated by Betacom:

  • *.betacom.com
  • betacom.com

Any other services not explicitly listed above, including those provided by third-party vendors, are out of scope for testing under this policy. If you’re unsure whether a system is in scope, please contact us at itadmins@betacom.com before beginning your research.

We will update this policy periodically to include new systems and services as they are launched.

Reporting a Vulnerability

To report a vulnerability, please submit your findings via itadmins@betacom.com. We accept reports submitted anonymously, but we encourage you to provide contact information so we can acknowledge receipt and coordinate remediation. If possible, emails can be sent in English or Spanish.

When submitting a vulnerability report, please include the following information:

  • The system or service where the vulnerability was found.
  • A description of the vulnerability and its potential impact.
  • Steps to reproduce the issue, including any proof-of-concept code or screenshots, if applicable.
  • A summary of the severity of the vulnerability and the potential risks associated with it.

What to Expect from Us

When you share your contact information with us, we commit to:

  • Acknowledging receipt of your report within 3 business days.
  • Providing confirmation of the vulnerability’s existence, when applicable.
  • Keeping you informed about the status of the vulnerability remediation process and any challenges that may arise.
  • Maintaining open communication throughout the process until the issue is resolved.

We aim to address vulnerabilities as quickly as possible and will work with you to ensure a prompt resolution.

Questions

If you have any questions about this policy or need clarification, please feel free to reach out to us at itadmins@betacom.com. We also welcome suggestions for improving this policy.