Call Center Africa Responsible Vulnerability Disclosure Program (VDP)
To improve the protection of its Information and Communication Technologies (ICT) systems and assets, Call Center Africa encourages the public to assist with its efforts by disclosing vulnerabilities in Call Center Africa’s publicly accessible information systems and assets as well as reporting cybersecurity issues.
What to Report to Call Center Africa
The public is invited to report cybersecurity issues, incidents, and details of vulnerabilities associated with publicly accessible Call Center Africa ICT systems, including websites.
Information on Vulnerability Reporting
The following should be noted when reporting vulnerabilities and cybersecurity issues and incidents to Call Center Africa:
-
The vulnerability and/or cybersecurity issue or incident should not already be publicly disclosed.
-
The vulnerability and/or cybersecurity issue or incident should be reported to Call Center Africa as quickly as possible after its discovery.
-
The reporter is expected to keep the vulnerability findings confidential for at least 90 days following the date the vulnerability or cybersecurity issue or incident was reported to Call Center Africa or until public disclosure of the vulnerability has been made on this website.
-
The severity of a vulnerability finding is assessed by Call Center Africa at its own discretion.
-
The name and contact information of the reporter may be disclosed to the affected technology vendor(s) unless otherwise requested by the reporter. · Call Center Africa reserves the right to accept or reject any security vulnerability or cybersecurity issue, or incident disclosure report at its discretion.
If you believe you have found a vulnerability or issue and would like to report it, we ask that you submit a detailed description of the issue to us, including the steps that we can take to reproduce the issue and/or a proof-of-concept:
-
The findings, including contact details, should fill out the submission form.
As much information as possible regarding the finding should be communicated to Call Center Africa to enable the organization to reproduce and verify the vulnerability, issue, or incident to implement appropriate remediation actions.
Once you submit a report to Call Center Africa, please allow the information security team a reasonable amount of time to respond to your report and correct the issue.
If more information is required regarding a reported finding, Call Center Africa may contact the reporter; therefore, it is important to provide valid contact details, including email address and/or telephone number.
Upon receipt of the report, Call Center Africa will verify the existence of the vulnerability, notify affected parties, and implement actions to mitigate the vulnerability.
Once the vulnerability has been removed, the reporter will be acknowledged unless he/she wishes to remain anonymous and listed (at his or her own discretion) on this page with a short description of the vulnerability reported. By reporting vulnerability findings to the Call Center Africa, the reporter accepts that such reporting is provided pro bono and without expectation of financial or other compensation. The reporter also affirms that neither he/she nor any entity that he/she represents is complicit in human rights abuses, tolerates forced or compulsory labour or uses child labour, is involved in the sale or manufacture of anti-personnel mines or their components, or does not meet the purposes and principles of the United Nations.
Call Center Africa Information Security Hall of Fame
Call Center Africa is grateful to the following individuals and organizations that have helped the Organization to improve the security of its information systems, data, and ICT resources by reporting security issues and discovered vulnerabilities.
Reporter |
Cyber Security Issue |
Date |
Gaurang Maheta | Temporary denial of service of Anti-virus or privacy functionality | 09 October 2022 |
Gaurang Maheta |
Website with no valid SSL Certificate |
03 October 2021 |
Gaurang Maheta |
Generic token |
18 August 2022 |
Gaurang Maheta |
Git repository found |
18 August 2022 |