Nextiva strongly believes that collaboration with the security community is key to maintaining secure environments for all of our customers and users. Effective responsible disclosure of security vulnerabilities requires mutual trust, respect, and transparency between Nextiva and the security community, which promotes the continued security and privacy of Nextiva customers, products, and services.

Nextiva accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers, and consultants. Nextiva defines a security vulnerability as any unintended weakness or exposure that could be used to compromise the integrity, availability, or confidentiality of our products and services

Nextiva's commitment

If you identify a valid security vulnerability in compliance with this Responsible Disclosure Policy, Nextiva commits to:

• Working with you to understand and validate the issue
• Addressing the risk if deemed appropriate by Nextiva team in accordance with our commitment to security and privacy

Furthermore, Nextiva commits to maintaining trust and confidentiality in our professional exchanges with security researchers. We treat all researchers with respect and recognize your contribution for keeping our customers safe and secure.

Nextiva's expectations of researchers

Nextiva expects that you communicate about potential vulnerabilities in a responsible manner. Public disclosure of the submission details of any identified or alleged vulnerability without express written consent from Nextiva will deem the submission as noncompliant with this Responsible Disclosure Policy.

We request that researchers provide the technical details and background necessary for our team to identify and validate reported issues using the form below.

In addition, to remain compliant you are prohibited from:

• Accessing, downloading, or modifying data residing in an account that does not belong to you
• Executing or attempting to execute any “Denial of Service” attack
• Posting, transmitting, uploading, linking to, sending, or storing any malicious software
• Testing in a manner that would result in the sending unsolicited or unauthorized junk mail, spam, pyramid schemes, or other forms of duplicative or unsolicited messages
• Testing in a manner that would degrade the operation of any Nextiva properties
• Testing third-party applications, websites, or services that integrate with or link to Nextiva properties

How to report a vulnerability

Nextiva requires that security researchers share the details of any suspected vulnerabilities using the web form below. The Nextiva Security team will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution.

You are helping to provide Amazing Service

Nextiva’s philosophy is to provide Amazing Service in everything that we do. Amazing Service is about going far beyond the standard expectation. Contributions from amazing researchers like you can help protect the privacy and security of our customers. Amazing Service isn’t just something we do, it is who we are and by participating in this program you are helping us furnish that commitment.

Contact

If you have questions about the responsible disclosure program, you may contact Nextiva’s Security Team via email at [email protected].

This program is points-only. However, Nextiva will reward P1 submissions on a case-by-case basis at $1000.

Please note that Nextiva does not provide user account access to its applications for security testing by the public. Please contact Bugcrowd regarding access to private programs that Nextiva may be running on its applications from time to time.