Morpheus Global Limited: Responsible Disclosure Policy

Effective Date: 5th November 2018

Our Commitment to Security

At Morpheus Global Limited (“Morpheus“), we prioritise the security of our systems and the data entrusted to us. We recognise the valuable role security researchers play in identifying and reporting vulnerabilities that could potentially compromise our security.

This Responsible Disclosure Policy outlines our guidelines for reporting security vulnerabilities you may discover on our Website or in our services. We encourage you to report any potential vulnerabilities to us responsibly so we can take steps to address them and protect our users.

  1. Scope

This policy applies to security vulnerabilities in any Morpheus system or service that is accessible to the public, including:

  • The Morpheus website (www.team-morpheus.xyz)
  • Morpheus applications and APIs
  • Any other Morpheus-owned systems or services
  1. How to Report a Vulnerability

If you believe you have discovered a security vulnerability, please report it to us immediately by emailing [email protected]. Please include the following information in your report:

  • A detailed description of the vulnerability.
  • Steps to reproduce the vulnerability.
  • The potential impact of the vulnerability.  
  • Any recommendations for mitigating the vulnerability.
  1. What We Ask of You
  • Do not exploit the vulnerability: Avoid actions that could damage our systems or compromise user data.
  • Do not disclose the vulnerability publicly: Keep the vulnerability confidential until we have had a chance to address it.
  • Provide us with reasonable time to respond: Allow us sufficient time to investigate and remediate the vulnerability before disclosing it publicly.
  • Act in good faith: Report vulnerabilities with the intention of improving security, not for malicious purposes.
  1. What You Can Expect from Us
  • Acknowledgement: We will acknowledge receipt of your report within 7 business days.
  • Confidentiality: We will treat your report confidentially and will not share your personal information without your consent.
  • Collaboration: We will work with you to understand and validate the vulnerability.
  • Remediation: We will take steps to remediate the vulnerability as quickly as possible.
  • Acknowledgement (if desired): We are happy to publicly acknowledge your contribution to improving our security, if you wish to be recognised.
  1. Safe Harbour

We will not take legal action against you for good-faith reporting of security vulnerabilities, provided that your actions are consistent with this Responsible Disclosure Policy.

  1. Updates to This Policy

We may update this Responsible Disclosure Policy from time to time. We will post any changes on this page.

  1. Contact Us

If you have any questions about this policy, please contact us at [email protected]