Overview
Hightower Communications is committed to maintaining the security of our websites, systems, and data. We appreciate the efforts of security researchers and members of the public who help us identify potential security issues responsibly. This policy outlines how to report security vulnerabilities to us safely and responsibly.
Scope
This policy applies to Hightower Communications’ publicly accessible websites, including our corporate website and any web-based application forms.
- In-scope: Publicly accessible web pages, forms, and network services.
- Out-of-scope: Internal systems, employee-only systems, or any systems you do not have explicit permission to access.
What to Report
We welcome reports of:
- Security vulnerabilities in our websites or web applications
- Potential risks to user data on our public forms
- Misconfigurations that could expose sensitive information
Safe Reporting Guidelines
When submitting a vulnerability, please:
- Do not exploit, exfiltrate, or modify data.
- Avoid testing that could disrupt our website or services.
- Limit testing to the minimum necessary to demonstrate the issue.
- Provide clear, actionable information to reproduce the vulnerability.
How to Submit a Report
Please send your report via email to: it@hightowernc.com
Include:
- A description of the vulnerability
- Steps to reproduce it
- Screenshots, logs, or proof-of-concept code if available
- Your contact information (optional, if you wish for a response)
What to Expect from Hightower Communications
- We will acknowledge your report within 5 business days.
- We will assess the report and communicate updates as appropriate.
- We may ask for clarification or additional information to reproduce the issue.
- We will not take legal action against individuals acting in good faith and within the scope of this policy.
Do Not Do
- Do not attempt to access internal systems, employee accounts, or any environment you are not explicitly authorized to test.
- Do not publicly disclose vulnerabilities before we have had an opportunity to investigate and remediate them.
Recognition
We value the contributions of responsible security researchers. Where possible and appropriate, we may publicly acknowledge those who report vulnerabilities in good faith.
Legal Safe Harbor
By following this policy and acting in good faith, researchers are provided protection from legal action. Hightower Communications reserves the right to take action if the scope of this policy is exceeded or if activities are malicious or disruptive.