How to report

1. Please report the security issues or vulnerability to responsible_disclosure@bajajallianz.co.in with the necessary details like description, screenshots, etc.

2. Kindly mention your full name, mobile number and email ID for us to be able to reach you.

Reporting rules

1. After the submission of any security issue/apprehended issue, BALIC reserves its right to validate the reported issues as a "vulnerability" or "not a vulnerability”.

2. BALIC will evaluate the reported issue, and where felt appropriate in its sole discretion, BALIC may reach out to you in order to work closely with you to address the issue(s)

3. Web apps, mobile apps, API security issues and network/service-related misconfigurations are categories which would be ideally considered.

4. Please avoid sending automated tool reports or automated findings without validation

5. You are advised to:

a. Maintain confidentiality

b. Refrain from accessing sensitive information, performing hacking/exploit actions. 

c. Refrain from publishing, advertising, disclosing the information in any physical/digital platform, including but not limited to any public forum/social media/private group or person, or indulging in any an action that may be prejudicial to the interests of BALIC. 

6. Kindly note that non-adherence to the above advice would be construed as improper public disclosure/misuse of information, which will warrant the initiation of appropriate legal action by BALIC.

BALIC's responsibility

1. In appropriate instances, BALIC may work with you until vulnerabilities are addressed. Please allow us a reasonable time to investigate the issue, depending on the criticality of the reported issue

2. Where felt necessary, we may address the risks appropriately by the exercise of the best possible efforts

Acknowledgement

1. You will NOT target BALIC's security infrastructure or attempt to use social engineering, spam, distributed denial of service (DDOS) attacks, etc.

2. If a severe vulnerability is detected and allows system access, data exfiltration, or any such similar issues, you will not proceed further and ensure immediate reporting of the same to BALIC

3. BALIC, in its sole discretion, may decide to address the security vulnerabilities, if any, in a manner that serves the interests of BALIC, its customers, group companies, service providers and agencies.

4. You will always maintain complete confidentiality of the reported issue/ apprehension about security vulnerability (before or after reporting to BALIC) and will NOT disclose the same with any person or entity.

5. Upon request by BALIC at any time, you may have to destroy your report and evidence shared and confirm to BALIC on the same.

6. By the mere submission of any apprehension about security vulnerability, you will NOT derive any right against BALIC, nor will you demand any action or threaten BALIC in any manner.

7. BALIC does NOT support the violation of applicable laws/regulations by you, either before, during or after reporting any vulnerability incident. Hence, care should be taken that your action does not result in a breach of law/regulation/agreement, etc., including but not limited to that of any person/organization; else, BALIC reserves its right to initiate appropriate legal action.

Open appreciation on our official website

We appreciate your gesture in coming forward to report an issue for being evaluated by BALIC. For cases where BALIC considers the same as a valid vulnerability, we will be happy to add you to the "Security Heros" list on our corporate website if you would like to be publicly recognised. For this, your name, email ID and social media handles will be added, as per your consent.