Barefoot Technologies - Responsible Disclosure Policy

Barefoot Technologies Corporation takes security very seriously and aims to provide the industry’s most secure solutions and services to keep customer data and systems safe. At Barefoot, we investigate all received vulnerability reports and implement the best course of action to protect our customers. Barefoot believes that working with skilled security researchers can identify weaknesses in any technology.

If you are a security researcher and have discovered a security vulnerability in our products and services, we would appreciate your help in disclosing it to us in a responsible manner.

If you identify a verified vulnerability in compliance with Barefoot’s Responsible Disclosure Policy, the Barefoot security team commits to:

  • Provide prompt acknowledgement of receipt of your vulnerability report (within 48 business hours of submission).
  • Work closely with you to understand the nature of the issue and work on timelines for fix/disclosure together.
  • Notify you when the vulnerability is resolved, so that it can be re-tested and confirmed as remediated.
  • Post a description in a security bulletin as a topic in this forum when the fix is released and acknowledge your contribution.
  • Post a security advisory as a topic in this forum if required.

Reporting a potential security vulnerability:

  • Share details of the suspected vulnerability with Barefoot by emailing support@barefoot.com.
  • Provide full details of the suspected vulnerability so the Barefoot security team may validate and reproduce the issue.

Barefoot does not permit some types of security research:

To encourage responsible disclosure, we ask that all researchers comply with the following Responsible Disclosure Guidelines:

  • Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues as quickly as possible.
  • Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Barefoot Software service.

While researching, the following conduct is expressly prohibited:

  • Performing actions that may negatively affect Barefoot and its users (e.g., spam, brute force, denial of service…).
  • Accessing, or attempting to access, data or information that does not belong to you.
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.
  • Conducting any kind of physical or electronic attack on Barefoot personnel, property, or data centers.
  • Social engineering any Barefoot service desk, employee, or contractor.
  • Violating any laws or breaching any agreements in order to discover vulnerabilities.

Barefoot reviews its Vulnerability Disclosure policy on a yearly basis.

Barefoot would like to thank every individual researcher who submits a vulnerability report for helping us improve our overall security posture at Barefoot.

At this time, Barefoot does not provide a bounty for reporting potential vulnerabilities.