Policy

At Vista Entertainment Solutions Limited (“Vista”) we appreciate the important work done by security researchers and we encourage security researchers who have discovered a security vulnerability in our products or services to get in contact with us. We will investigate all legitimate reports and we will not take legal action against those who comply with this responsible disclosure policy. Please send all reports of security vulnerabilities to security@vista.co. If you feel that your communication with us needs to be encrypted, our PGP key is below.

PGP Key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFq0V90BCADf0zs5n1axk3kFL0lThe5e2PEJep7sLNeXIp7+NVS5cPRjL7Re
+rKLzqteQsLjY98MyiSqKLHO08C6utqScqSqpjjXC3nZKJyAq3/SZGG3e+H3rS+W
kLAvy/DWKWneuQQcQ7E9K1fzu8EwCVZrKrIBC+feT/jdoemRkwqh5oX2S0jv/UeQ
O2dtiASPGSEM8BvY4qFSIRrzEYXimKIWxi1zD3gd0xxGYxVbKFentblU8CqeweNR
HGKh49R2NVOSqRxAqFlUC31vEg9EAz5DzVr51Zr9T/dwIomKKv5CMSL6O6/yekJ3
zNCOkITttUDZqUuEGE9T3osU9oe0a7PYRrCHABEBAAG0IlZpc3RhIFNlY3VyaXR5
IDxzZWN1cml0eUB2aXN0YS5jbz6JAU4EEwEIADgWIQS0oYk2dcDffcGp7XauH64g
w1iTrgUCWrRX3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRCuH64gw1iT
rnF+B/40PQmcaCIWgkM6X4o/O9AWYpnu2YR3exw6xfAajO6XKsX5Fe9l1UmmM+ug
4LaAtJXjj6djOnQWsAst5Cu+ZY2yFKYCPxCh8EhjFTPaTgfJfHMgcK8tOkKI+6Su
vT8ylXc8OotL8o91kQmBZRx5GjdbhDYAKpIqmixmFk8ynT07oREtb1k4Kd0sxOmS
BuV61TEAL7feAffK28sMO941rrFzu4JJj6zRkXsREa+0YP1FxFi1DkeRkefxOcMl
brS6SmwhNPBeXUxoVoLle0x0XGUO+VxPSBN3tiEj4NQvm1ZVr9EAdoSkQAv4knLN
hpSv/dqcM9VRvhnyIl4phgmmZ/1OiQEzBBABCAAdFiEEzSudJmTODUqGBWsG9heW
1ZO0oLIFAlq0d7UACgkQ9heW1ZO0oLKqUQf+OQOk4WcJ+f8NaWaYWwl3kcFWMZtH
Vmjwn2kHFuo9Ib/m69GAmOgPp4vL7Up420178X9TzJlz7XiIV7Vc1fhMjh2Hjv1G
oS3hbOkk2QDUM7uCXM2J7OEV5k/8SEMMNOEJSDO6eh3U5Li+bsyH1i+aI4zwD7sY
+i+Y2th98pbWX+rW7KFhQ/m59GQsitdgns2BkypDoPfjuVZVxKDlNck0+QiFjwWG
XLffklLy/cCRwAed8j1NXa95wAvyzpIlFeLdZ1+wEKqNwKgT3bpqeyUm1zjZRU2Q
zeHcymYFJBoMQIebc/8TdklLaIGh7KvUUj6QTnqk4ROJAhwQjbcXIke1krkBDQRa
tFfdAQgAp2vZqLtJv4ea3kOwwEQN5pk1Mc2t7gX+xH8cb0ItqTcIBFqK/DaNoF+c
YEKkkWCNyVOZyXw+TZohYL0N7oNl7q5Ir5qHz3WF0TbBZ6NitTBcF95irGLl89gF
Q/7kHH7dAoTdJLJa+ena3IchU/u6QYkmXHW3dchOpu4YwUXZWUL+A5gRjQwdQz4u
w6vM4KJ4hBuWg27X0Tv5/cORK7H4t4nocacNot+38zQsc9ZdjwazJYZP4qNnu7EJ
pfh56txIgr0e19K9xdjgPUEsyBK8VGmXkRoBj7dsraePisinDegidmiM2ck8nQvq
/ecVDaMUEq1wCgdKb0k55DSOmeDmUwARAQABiQE2BBgBCAAgFiEEtKGJNnXA333B
qe12rh+uIMNYk64FAlq0V90CGwwACgkQrh+uIMNYk67NyQf/WVENbvBz+iYY+PIy
rw+ao+zp2PWj/y873dgMi5GJ6NFZIDOASdCmr3bKJSfnNcPKNtTSM9JVZAkDsbvf
ITWyilZzDVKAqX4xq4Jm38AGcFURH/Oz/wyroLyuSm3UWwZE+fKbDBZlUPgFnRAC
zzSABes2IBUzzY0GQVQhAYZyTxs9rOivlGErLGEAMuT4GbMDzdLxo+JLwREp3JVQ
LOyQCrdsXJnnmd6trWBsa7Yq0JNx/taBzRgevzAFYZtVEkBkR1OGxh7wf7KzbAf9
M/wm3KM64KXgdoMLVuOTyMBoXzY375PuYw4ojeNdyDVCoQlcHn7f/pNV9VaepYJn
O3XnKA==
=Uk3x
-----END PGP PUBLIC KEY BLOCK-----

Guidelines

  • When you report a security issue, provide enough information to enable us to reproduce the problem. Screen shots, videos or a proof of concept are all very useful.
  • Do not exploit a security vulnerability you discover for any reason. This includes demonstrating additional risks, such as attempted compromise of sensitive company data or probing for additional issues.
  • Do not publicly disclose suspected vulnerabilities without our prior consent. Consent will likely be given once we have fixed the issue or have decided it doesn’t present a significant risk. Please take into consideration that fixing some issues may require us to coordinate with one or more of our customers and despite our best efforts this might take longer than you expect.
  • Do not access, store or modify data that doesn’t belong to you.
  • Do not phish or socially-engineer employees or customers of Vista.
  • Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our services.
  • Vista does not offer a bug bounty program and compensation requests will not be considered in compliance with the Responsible Disclosure Policy.

Security Researcher Hall of Fame

We would like to thank the following individuals who have responsibly disclosed vulnerabilities to us:

2018