Security Policy for bumrungrad.com

Purpose

This policy is designed to encourage the responsible reporting of security vulnerabilities and to ensure that such reports are handled appropriately.

Scope

This policy applies to all systems and services under the example.com domain, including APIs and mobile applications. Issues related to user experience (UX) or non-security-related bugs are outside the scope of this policy.

How to Report

If you discover a security vulnerability, please send a detailed report to [email protected]. For sensitive information, use our Public Key available at https://www.bumrungrad.com/.well-known/pgp-key.txt.

Expectations for Reporters

• Provide detailed information about the vulnerability, including steps to reproduce the issue.
• Avoid actions that may disrupt our services or impact other users.

Response Process

• We will acknowledge receipt of your report within 7 days.
• We will investigate and resolve the issue as quickly as possible.
• Once resolved, we will notify you of the resolution.

Acknowledgments

We appreciate your efforts to make our systems more secure. If your report is valid and within scope, we may include your name in our Hall of Fame.

Legal Safe Harbor

We will not take legal action against individuals who follow this policy and act in good faith.

Expires: 2025-12-31T23:59:59Z