Policy
At XAC, security is our top priority. This Responsible Disclosure Policy outlines the guidelines for reporting security vulnerabilities responsibly.
Scope
This policy applies to MPoC software assets owned, operated, or managed by XAC.
Reporting Guidelines
If you believe you have discovered a security vulnerability in any of our systems, we encourage you to report it to us as soon as possible. To ensure responsible disclosure, please follow these guidelines:
Please email us at XAC.Tap2Phone@xac.com.tw
We recommend using our public PGP key to encrypt your message for security. When submitting your report, be sure to include the following details:
- A comprehensive description of the vulnerability, including relevant details such as the URL and the type of vulnerability.
- CVSS3 Score (Common Vulnerability Scoring System).
- Sufficient information to help us reproduce the issue.
- A screenshot of the identified vulnerability, if applicable.
- Your contact details, including name, email, phone number, and your public PGP key (if available).
- Technical specifics such as the endpoint and affected components (GET/POST parameters, cookies, headers, paths, HTTP methods).
What to Expect
Once a report is submitted, we will:
- Acknowledge receipt of your report within 1 business day.
- Investigate and validate the reported issue.
- Provide updates on our progress and expected resolution timeline.
- Notify you when the vulnerability has been addressed.
- Not accept claims for compensation as a condition for sending in a vulnerability.
Good Practice We Require from You
To ensure the security of XAC and our customers, it is essential that you adhere to best practices, including:
- Refraining from using the vulnerability to access or attempt to access information that does not belong to you.
- Not exploiting the vulnerability to alter or delete any information.
- Avoiding any actions that could disrupt our services, such as denial-of-service attacks.
- Not using discovered vulnerabilities for malicious purposes and refraining from publicly disclosing them until we have resolved the issue.
Report Anonymously
You may report anonymously, but please note that we then cannot respond to you or keep you updated on the status.
PGP key
Key ID: ###
Updates to This Policy
XAC reserves the right to update this policy at any time. Any changes will be reflected on this page.
Thank you for helping us maintain the security of our SoftPOS solutions. As a company that continually pursues payment security, we are committed to maintaining the best payment security.