Responsible Disclosure
At Sonar Software, safeguarding customer trust and the integrity of our systems is a core value. We understand that security researchers play a key role in helping us proactively identify potential risks. If you discover a suspected vulnerability, we urge you to share it with our Security team following this Responsible Disclosure Policy.
The Sonar API, powered by GraphQL query language, allows seamless integration and automation between Sonar’s robust BSS and OSS platform and third-party applications. With the Sonar API, Internet Service Providers can unlock a wide range of possibilities to streamline operations, enhance customer experiences, and drive efficiency.
Our Policy
Sonar Software invites researchers to share any suspected vulnerabilities by submitting the form below. Clicking “Report Vulnerability” means you understand and agree to the following guidelines when conducting security research and disclosing potential vulnerabilities. Sonar Software will not pursue legal action if researchers adhere to these guidelines.
We require confidentiality regarding any information discovered about Sonar Software, our systems, or customers during your research. This information must solely be used in connection with our Responsible Disclosure Policy. Prior written consent from Sonar Software is needed before using, disclosing, or distributing any confidential information, including your submission and data obtained while investigating our systems.
While responsible reporting is encouraged, the following actions are strictly prohibited:
- Executing, or attempting to execute, a Denial of Service (DoS) attack against any system or website.
- Introducing any malicious software or ransomware.
- Threatening Sonar Software or our customers with the intent of extortion (such as threatening the availability of data unless a payment is made).
- Social engineering attacks against Sonar Software employees, contractors, customers, or prospective customers (including phishing or any testing resulting in unsolicited messages).
- Unauthorized vulnerability or penetration testing.
- Attempting to profit from the sale or misuse of a vulnerability or any data not belonging to you.
- Exfiltrating, downloading, copying, or retaining Sonar Software data or customer data that you don’t own.
- Important: Discovering data not belonging to you during a vulnerability investigation must be immediately addressed. All such data must be removed from unauthorized systems, and any further exploitation attempts must stop.
- Deliberately modifying, destroying, or corrupting data or information not belonging to you.
- Violating applicable laws or agreements.
Sonar Software’s Commitment
We will work with you to understand and validate the potential vulnerability (a valid email address or claim form is required). If deemed appropriate by Sonar Software, we will address the vulnerability within a reasonable timeframe.
Note: Sonar Software has partnered with Bugcrowd for the administration of this form. Responses and communication regarding submissions may come from Bugcrowd.