1. Purpose
To provide clear guidelines for security researchers and the general public to report potential security vulnerabilities in a lawful, responsible, and safe manner.
This program helps protect our systems, customers, and partners by fostering a collaborative approach to cybersecurity.

2. Scope
This program applies to all web applications, APIs, services, and other publicly accessible systems owned, operated, or maintained by Dimension Systems.

3. Guidelines for Reporting
We ask that you:
· Report findings promptly via our disclosure email: security@dimension-systems.com
· Do not engage in any activity that harms the confidentiality, integrity, or availability of our services
· Avoid accessing or modifying data that is not your own
· Avoid violations of privacy, data destruction, or service disruption
· Do not use automated tools that generate large volumes of traffic
· Provide sufficient detail to reproduce and validate the vulnerability

4. Out of Scope
The following are not considered in scope:
· Denial of Service attacks (DoS/DDoS)
· Spam or social engineering techniques
· Reports from automated tools without clear evidence of vulnerability
· Issues related to outdated browser versions or configurations

5. Safe Harbor
We will not pursue legal action against individuals who:
· Engage in testing within the scope of this program
· Follow the rules and report vulnerabilities responsibly
· Do not exploit or disclose vulnerabilities before a fix is released

6. What You Can Expect from Us
· Acknowledgment of your report within 5 business days
· A transparent process throughout the investigation
· Attribution on our Hall of Fame (if applicable and with your consent)
· A good-faith commitment to fix verified issues in a timely manner

7. Contact
All vulnerability disclosures should be sent to: security@dimension-systems.com
We welcome reports from researchers, customers, partners and the general public.

8. Legal Notice
This program does not authorize or permit:
· Access to private data that is not yours
· Exploitation of any vulnerability beyond what is necessary to prove its existence
· Violation of any applicable law or regulation

We reserve the right to modify this program at any time.