XAC SoftPOS Responsible Disclosure Policy

At XAC, security is our top priority. This Responsible Disclosure Policy outlines the guidelines for reporting security vulnerabilities responsibly.


Scope

This policy applies to MPoC software assets owned, operated, or managed by XAC.
 

Reporting Guidelines

If you believe you have discovered a security vulnerability in any of our systems, we encourage you to report it to us as soon as possible. To ensure responsible disclosure, please follow these guidelines:

Please email us at XAC.Tap2Phone@xac.com.tw

We recommend using our public PGP key to encrypt your message for security. When submitting your report, be sure to include the following details:

    • A comprehensive description of the vulnerability, including relevant details such as the URL and the type of vulnerability.
    • CVSS3 Score (Common Vulnerability Scoring System).
    • Sufficient information to help us reproduce the issue.
    • A screenshot of the identified vulnerability, if applicable.
    • Your contact details, including name, email, phone number, and your public PGP key (if available).
    • Technical specifics such as the endpoint, affected components (GET/POST parameters, cookies, headers, paths, HTTP methods).


What to Expect

Once a report is submitted, we will:

    1. Acknowledge receipt of your report within 1 business day.
    2. Investigate and validate the reported issue.
    3. Provide updates on our progress and expected resolution timeline.
    4. Notify you when the vulnerability has been addressed.
    5. Claims for compensation as a condition for sending in a vulnerability will not be accepted.


Require Your Good Practice

 To ensure the security of XAC and our customers, it is essential that you adhere to best practices, including:

    • Refraining from using the vulnerability to access or attempt to access information that does not belong to you.
    • Not exploiting the vulnerability to alter or delete any information.
    • Avoiding any actions that could disrupt our services, such as denial-of-service attacks.
    • Not using discovered vulnerabilities for malicious purposes and refraining from publicly disclosing them until we have resolved the issue.

 

Report Anonymously

Yes, but please note that we then cannot respond to you or keep you updated on the status.
 

PGP key

Key ID: ###


Updates to This Policy

XAC reserves the right to update this policy at any time. Any changes will be reflected on this page.

Thank you for helping us maintain the security of our SoftPOS solutions. As a company that continually pursues payment security, we are committed to maintaining the best payment security.

 

