Responsible Disclosure Policy

This policy exists to promote the responsible disclosure of security issues you may have found on any of our assets.  Please note that we do not offer any monetary awards on this program.

At Castor, the security of our systems and the safety of your data are core characteristics of our company. We put a lot of effort into securing our websites and systems, but there is always room for improvement. We put a lot of effort into securing our websites and systems, but there is always room for improvement. 

If you believe you have found a (potential) vulnerability in any of our products or on one of our domains, please inform us so we can take all necessary actions and precautions to mitigate the issue. We are always open to cooperate with you to better protect our users, partners, data, and systems, and strive to resolve any vulnerability problem as quickly as possible. You can submit your reports to responsible-disclosure@castoredc.com

We would like to ask you to:

  • Let us know as soon as possible upon discovery of a potential security issue, and we’ll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
  • Only interact with accounts you own or with explicit permission of the account holder.

While researching, we’d like to ask you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of Castor EDC staff or contractors
  • Any physical attempts against Castor EDC property or data centers

Public GPG key:

—–BEGIN PGP PUBLIC KEY BLOCK—–

mQINBFtRmq4BEACbRs/MexXrcxzyaN59n/rqsc0DEx6SUvnAKXPXqxJ5VM8yekCa DOZU4R7L9eTvk8eOh9ahM/XsyQesVGldDpIEzSjwBYwlDiObamOJC3b3oMOisnG9 WgPibvlOBzeCQ1NmFzthDBUTx9TebtXwCqEIhhedDslXMsZBBxtWj2mzJ4VRRyes zd+bUpUCLCRM9scZeKoiY50pGLMERPAvlAJvTU1eMeVReY3Cx1/gvCAh0drlo46o 5GVjS31MybmUdqS49WcCBWcwaKsfPt70Zf0+UgO2JsyHBxW370W8E+yRwrWLSs1h XamQleWBBQ4zQDUnc4jclMylkukKcJUhAIqyzl4pQJzzSJZWIMbfKM6GlScKrfO7 zhmBphnpBKMSiKCd3LK0u3j+a6ALs6G5FPof7HyLB7hiorqP7v0xbxkCsH9JDZxq xF+HIDz+WSF+XtZxt13/CnYAGLEZpa1SZwHpLBuqB9FlCngDwiDsgUzoh8YXgxVJ n+/tEh7MbuI1ylDtda09k00o9Qp+ErEEhIkjAUScarP06kHOlFCGNGrYcbFZ6XoW Z2ZBeK3/pTo8e5LicbYklR+txMXX+blC5IywtGy857oJZwXA2TApu+UteAiJd5id kN8EERkNKxYDFZazu5qkYKeksCX5pUdj4wqSDR97b80a9TKttkBMYzz0YQARAQAB tENDYXN0b3IgUmVzcG9uc2libGUgRGlzY2xvc3VyZSA8cmVwb25zaWJsZS1kaXNj bG9zdXJlQGNhc3RvcmVkYy5jb20+iQJOBBMBCAA4FiEE42qVRO2TtkNpilRj6jpq B9aeYWIFAltRmq4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ6jpqB9ae YWLmYg//QYHlIbT5vRTa5aqxyeTXG+WdDjOdprFamjMuf1WWoM7UUJYqN+z8MdAq jsFYMcllKvqDMd7z+C87zyURGhbXd4lMNsO+tYOql5Thkp1G0fhLGSEBdLfvns6e mSh8v8Lc0Pe1+H6K6JLj1QC5ZP+XSZFdIeP54DZYzt35HeA8S8rQKAXKZKFSOo5w uem5pWZXR9OLa6AxjqI1cyKahVTqKhYOegw3FoQGHeZNwwgt2mLEVkZHg7rxtJCY 93261E9BynOnwouMEN3etyGG65xe7QWWMFxmwzqzeWatgYoRrS3RpPF0Jy7YbfVL qDuJr9FON9swunYF2/QI0omM1cwpG2UWKInez+X22fMrufWGmyBndyDsVprWIdOY MdotYZfUfmpftydxniUu7ODnjKDmAXhjxekPaj6Yqje/92/Bni8nOldntqVRJzlc K5mHBHJ0IcIvwCT87fs5BmeyP/RX9kpaYCkYn95UWgXNjbnFqQjIS7TTKQt3uG3+ iFiL4P5oFQ9nx939X8ZgPPEpIDUS8HYu8dKFRSGh+sCK/YGxuhrvgOwfT40MqA6P B29J+VKaDc40moMQHZsPZqRl0Ry6XgIequV512yDvIfs04Zz+lcxbbNfqbmkwXfS WE3xodTX/2jD4f8UjjWHi7P0VzGicP2qbKlO9Q/QeZaX95AdRf65Ag0EW1GargEQ ANzLq8uAeVTV1a7lC9CM5a0tq2C0g42xEEor01sAqRbI35xMTSrq3gq10Vg6QoaL AC6NKFxScaaLtekroh3dI9KISMnhSc0F1kS64arzpNbVyimW6DjTtROLYDpUZVLZ zeDbFXWM06blASFlVMade/Gj8h0fjZio2TfPA5JhxtDO++pgnAyEY8CfUoz3PaP6 wgYshAb/E5zlGj4Ikx1Ehj7FJv2PLIfLIlcaYUv3SQtDptX7qr3nvJGoOpU0exPr U2DHECpdRcxqCOvVW7byM5hzatUeH9BlIlq804mMB4FKu8iMGgYaQcZKXzf2rnnN Jspzh0JnbANKd07tyfAL9KsbQXMtUrh33UFHA6TEKQ4cbdfP/u1SQEaCEDmwY6BR aBWHyuZtjQmUQtKCUEduApBrkEBkOrc2Cajn+27NKauGYsMLp39J1Spgu04RlE8J 89W4hrosy6A/3g9pUq8lpiBHG4b4APZdBLWqyjDk5O2DPF/VZZ7MA1aGaDsD8eYg JmB1jBy/I9x7GfHonNwTmPYdY+pON7tuVwZYcowwm55EYK8Ujg9g/OeXOggUjfBH svlcI/PsvNl2gaxPPcazetd9YhzLMQcTTwtyeVwX8wKfNSi2pv7wV18M5RK1IFW8 mLcq4FLdAsaYg3xY5ocd+zTK30nZqNelRSmxC2mbBJK5ABEBAAGJAjYEGAEIACAW IQTjapVE7ZO2Q2mKVGPqOmoH1p5hYgUCW1GargIbDAAKCRDqOmoH1p5hYtEZEACF 6bF5i5Iyp8FsQzopOyRPCLmc4PAbudPQK0ji0xcw4iEvL5Ve0QzGAP7Mt7VwHHQ2 45vjagsAZaSimu3y5RR5OdIzX6UGXvQciZERbdWsm+qieJ5lK/zNnfeWdSWI0ook 4cqRVLuHwhchqs4EiRfVBPUoAMG0R5rS5pWRHDb99ICdsIyZhBvWA7aItEfu26OB SkQW6S8+0Tc+ZsNjiNzXVORKJkaNJdMB93BOJ6qyZJMc7gpYKvzn3L04E5mTXCYO f4xy8hNXcnGQvTkFLN1W2qO0nRRpxb/t9x8xjnvamla3/hUwnYzgUGqEMExmK0+j U1UAtMVIN1FEEUgiA8wy0DeKyuRHqoMKcql3ZvaLi9563bTkDEeT833ItDp0S/fN ES9TXbvTai8+dSQNHJWWuH+0CfcXiErtCLPKPcMPGMtTxgd4GDwtYzHNsqTisx7J EIVt05RMfdrOWFqMusXMlks6fQSiApvOyvd8lQFp1Fz/ILlReR74TNj9HgRxOhIY tDaCH3uHP+rAP7qs+ZxVHYsixA6s5v8IRC6xQipKXjHOT9V4r+LV3jecMmriWGEJ yftuzbr28az5mee8Ob8Gcnfl8GePmOh7ngsoPD2z2rgHafQhDbSPOGK43y6dHpYv BDxscKgl3A/5xHMsD3FyRz1JGinFux5Gf2Eel2P09g== =Vt4Y —–END PGP PUBLIC KEY BLOCK—–

Fingerprint:

E36A9544ED93B643698A5463EA3A6A07D69E6162