Vulnerability Disclosure Process

1. Introduction

TCAS is committed to ensuring the security and privacy of our customers and users. We recognize the importance of cybersecurity and appreciate the efforts of security researchers and the wider community in helping us identify and address potential vulnerabilities in our IT systems. This document outlines our Vulnerability Disclosure Process, which provides guidelines for reporting security vulnerabilities discovered in TCAS’s systems, applications, and services.

2. Scope

This Vulnerability Disclosure Process applies to all online systems, websites, web applications, mobile applications, and network infrastructure owned or operated by TCAS.

3. Regular Vulnerability Scans and Penetration Tests

TCAS conducts regular vulnerability scans and penetration tests on our systems and applications. These assessments are performed by qualified security professionals to identify and remediate potential security weaknesses before they can be exploited. The results of these tests are used to enhance our security posture continually.

4. Reporting a Vulnerability

If you believe you have discovered a security vulnerability in any of our systems, we encourage you to report it to us. To report a vulnerability, please follow these steps:

Support Ticket: Submit a support ticket via the Customer Support Form accessible from your TCAS system or via this link: https://wkf.ms/3siEm1b, providing a detailed description of the vulnerability, including the affected system, a step-by-step explanation of how to reproduce the issue, and any supporting materials such as screenshots.
Email: Send an email to support@tcasonline.com, providing a detailed description of the vulnerability, including the affected system, a step-by-step explanation of how to reproduce the issue, and any supporting materials such as screenshots or videos.
Call: If you prefer, you can also report the vulnerability via a phone call. Please contact our security team at +353 (1) 2839344 or +44 (845) 3194890 during business hours to provide the necessary information. Our team will document the details of the vulnerability during the call.
Responsible Disclosure: We request that you do not publicly disclose the vulnerability until we have had a reasonable amount of time to address it. We are committed to acknowledging your report within 2 business days of receipt.

5. Investigation and Resolution

Upon receiving a vulnerability report, TCAS will promptly investigate the issue in line with our security policies. Our security team will assess the reported vulnerability’s impact and validity. If the vulnerability is confirmed, we will work diligently to develop and implement a fix in a timely manner.

6. Communication

Acknowledgement: Once we have validated the reported vulnerability, we will acknowledge receipt of your report and keep you informed of the progress.
Resolution: After resolving the vulnerability, we will provide you with details of the fix and, if appropriate, credit for your responsible disclosure, subject to your consent.
Public Disclosure: Once the fix is applied, we also make the relevant information public by listing the vulnerability and the applied fix in our regular Release Notes to demonstrate our commitment to the continual improvement of the security and privacy of our customers and users.

7. Legal Protections

TCAS is committed to not taking legal action against security researchers who follow this Vulnerability Disclosure Process, act in good faith, and respect the responsible disclosure guidelines mentioned herein.

8. Conclusion

We appreciate your help in keeping TCAS and our customers safe. By following this Vulnerability Disclosure Process, you are contributing to the security and privacy of our services. Your cooperation is essential in maintaining the trust of our users and stakeholders.

For any questions or concerns related to this process, please contact bmurphy@tcasonline.com.

Thank you for your support and collaboration.

Sincerely,

Barry Murphy

CEO

Email: bmurphy@tcasonline.com

Direct: +353 (1) 2118348

Mobile: +353 (87) 2471365

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.