Reporting Issues

If you believe you have found a vulnerability in On-Call Optimizer, or are seeing unexpected behaviour that you believe has security implications, please follow the guidelines below.

Reporting a Vulnerability

To report a security concern, please email us at urgent-issue@oncall-optimizer.com with a description of the issue and steps to reproduce (if known).

Authenticated On-Call Optimizer users can access a token from the help page within the application at https://app.oncall-optimizer.com/help. Please include this token in your report to ensure faster notification and response.

Responsible Disclosure

Upon discovering a vulnerability:

• Submit your findings to us via the instructions above.
• We will acknowledge your submission within 1 working day and provide you with a named contact person.

Once a vulnerability has been reported

• We will analyse your reported vulnerability and describe our planned response within 5 working days. If our response indicates that further time is needed beyond this initial period we will maintain regular updates to inform you of the progress.
• We may invite you to further collaborate with us to ensure the vulnerability is dealt with as effectively and efficiently as possible.

Once a fix for a vulnerability has been deployed

• We will notify any affected customers of the vulnerability and its solution.
• If you desire, we will acknowledge your work in discovering, reporting and helping to resolve the vulnerability.

At all times, we expect you to act with professionalism, maintaining a high standard of conduct, including confidentiality. We expect any discovered vulnerability is reported directly to On-Call Optimizer in the first instance, in order to allow us to protect our customers as effectively as possible.

Acknowledgements

If you have found a vulnerability in On-Call Optimizer and follow the responsible disclosure process, we will acknowledge your contribution publicly on this page if requested.