

Responsible Disclosure
Responsible Vulnerability Disclosure
Thank you for offering to share information regarding a security vulnerability with us. The security of our applications and the data we are responsible for protecting is important to us and we are grateful for any information you can share with us about how we can further improve it.
By submitting a vulnerability report, you are agreeing to the terms below (the “Terms of Use”), which are intended to protect
both you and us.
1. Safe Harbour. If you submit a vulnerability report to us, using the process outlined below, in compliance with all of the terms
in these Terms of Use, we will not pursue civil action or initiate a complaint to law enforcement against you for accessing
our systems without authorisation in order to identify that vulnerability.
2. Submission Process. Please submit all vulnerability reports to us by email at the email address service@cultureshock-png.com.
In each report submitted, include:
a. a description of the vulnerability;
b. the URL, IP address, port, or other information that would assist us in locating the vulnerability;
c. detailed and clear steps to reproduce the issue (including logs, screenshots, responses, or other evidence) or proof of
concept code;
d. how you found the issue;
e. presumed impact;
f. any remediation steps you would suggest; and
g. your name and contact details.
3. Scope. You may not access any individual workstation, or system, network, content, application or data of any third party,
in connection with this program. The safe harbour described above does not apply to any such system, network, content,
application or data.
4. Methodology. You may not engage in any denial of service attack, attempts to compromise physical security or enter physical
premises, or other destructive methodologies. As soon as you have identified the vulnerability, you must cease testing of it
and report it as described above. The safe harbour described above does not apply to any activity that violates the terms of
this Section.
5. No Access to Personal Data or Misuse of Data. By participating in this program, you represent that you have not at any time
accessed personal data of our customers or users found on our systems, and that, in the event that you inadvertently
acquired any, you have securely deleted that data. You represent that you have not, and covenant that you will not, misuse
any data extracted from our environment for any fraudulent, malicious, defamatory, abusive, threatening, unlawful or
otherwise improper purpose.
6. Intellectual Property Rights. By submitting information relating to a vulnerability, you grant us a perpetual, worldwide,
royalty-free, fully paid-up license to use and disclose any information you submit, including any proofs of concept, patches,
improvements, suggestions, code samples or any other information, in connection with the vulnerability to analyse,
remediate or improve our systems and networks, incorporate it into our products or services, and to conduct further testing,
or for any other legitimate business purpose. We do not grant you any intellectual property rights to any image, information,
writing, invention, code or other creation in connection with these Terms of Use.
7. Sanctions. By submitting information relating to a vulnerability, you represent that you are not subject to any export sanctions
or other trade restrictions, whether due to being included on the sanctions list maintained by any governmental bodies in
Papua New Guinea or the Australasia region, individually, being a member of an organisation on that list, or being a resident
of a country that is sanctioned by countries in the South Pacific region.
8. Independent Contractor. Nothing in connection with your submission of a vulnerability shall indicate that you are an employee
of Culture Shock and the relationship between you and Culture Shock shall not constitute a partnership, joint venture or
agency. You shall not have the authority to make any statement, representation or commitment on Culture Shock’s behalf.
9. Disclaimer of Liability and Obligation. Culture Shock, its officers, affiliates, representatives, contractors and employees shall
not be liable to you in connection with these Terms of Use for any direct, indirect, exemplary, incidental, special or
consequential damages. Unless otherwise agreed by Culture Shock, any information submitted by you in connection with a
vulnerability is provided at no charge and Culture Shock shall not owe you any fee for that submission or any services
performed or expenses incurred.
10. Miscellaneous. These Terms of Use are governed by the laws of the Independent State of Papua New Guinea, without regard
to conflict of laws principles. You shall not use any logo or other trademark of Culture Shock without our explicit prior
consent.
DISCLAIMER
Culture Shock Limited reserves the right, in its sole discretion, to modify the terms of the Responsible Disclosure Guidelines or to terminate any or all of them at any time.
Let’s Work Together
On behalf of ourselves and our users and customers, thank you again for helping us improve our cybersecurity.