Vulnerability Disclosure

Logistics Plus, Inc. takes the security of its systems and the privacy of its customers and partners seriously.

Vulnerability Disclosure Policy

Our Commitment

Logistics Plus, Inc. takes the security of its systems and the privacy of its customers and partners seriously. We welcome reports from security researchers who identify potential vulnerabilities in our systems in good faith. We are committed to working with the security community to verify, address, and acknowledge valid findings.

Scope

This policy applies to vulnerabilities identified in systems and services owned and operated by Logistics Plus, Inc., including:

  • logisticsplus.com and related subdomains
  • Customer-facing web applications and portals
  • Publicly accessible APIs

The following are out of scope:

  • Third-party services and platforms not operated by Logistics Plus
  • Physical security, social engineering, or denial-of-service attacks
  • Findings derived from automated scanning without manual validation

How to Report

To report a potential vulnerability, please send an email to:

[email protected]

Your report should include:

  • A description of the vulnerability and the potential impact
  • The affected system, URL, or endpoint
  • Steps to reproduce the issue
  • Any supporting evidence, such as screenshots or HTTP request logs

Please do not include full exploit code or take any action beyond what is necessary to demonstrate the vulnerability.

Our Commitments to Researchers

When you report a vulnerability to us in accordance with this policy, Logistics Plus commits to:

  • Acknowledging receipt of your report within 5 business days
  • Reviewing and validating your submission in good faith
  • Keeping you informed of our progress on a reasonable basis
  • Not pursuing legal action against researchers who comply with this policy
  • Treating your report confidentially and not sharing your identity without your consent

Researcher Guidelines

To qualify for good-faith treatment under this policy, researchers must:

  • Report findings promptly and exclusively to [email protected]
  • Avoid accessing, modifying, or retaining data beyond what is necessary to demonstrate the vulnerability
  • Not disclose the vulnerability publicly before Logistics Plus has had a reasonable opportunity to address it
  • Not use the vulnerability to access systems, degrade service, or harm customers or partners
  • Comply with all applicable laws

Bug Bounty

Logistics Plus does not operate a formal bug bounty program. We do not guarantee monetary compensation for vulnerability reports. At our sole discretion, we may provide a goodwill acknowledgment payment for reports that result in the identification and remediation of significant, validated vulnerabilities. Any such payment is subject to the execution of a written agreement.

Note to researchers: Submitting a report does not guarantee payment. Goodwill payments, if made, are discretionary and contingent on independent validation of the finding and execution of a release agreement.

Contact

All vulnerability disclosures must be submitted by email to:

[email protected]

Please use “Vulnerability Disclosure” as your subject line. Do not submit vulnerability reports through other channels, including customer support, sales, or general contact forms.