EMPTrust utilizes some of the most advanced technology for Internet security available
today. When you access our site using Microsoft Internet Explorer version 7.0 or
higher, Secure Socket Layer (SSL) technology protects your information using both
server authentication and data encryption, ensuring that your data is safe, secure,
and available only to registered Users in your organization.
Your company data will be firewalled from other companies and is inaccessible to
EMPTrust provides each User in your organization with a unique user name and password
that must be entered each time a User logs on. EMPTrust issues a session "cookie"
only to record encrypted authentication information for the duration of a specific
session. The session "cookie" does not include either the username or password of
the user. EMPTrust does not use "cookies" to store other confidential user and session
information, but instead implements more advanced security methods based on dynamic
data and encoded session IDs.
In addition, EMPTrust web sites is hosted in a secure server environment that uses
a firewall and other advanced technology to prevent interference or access from
Security researchers seeking information on how to report security issues to EMPTrust
should review our responsible disclosure policy.
EMPTrust Vulnerability Reporting Policy
Keeping our customers’ data secure is our number-one priority, and we encourage
responsible reporting of any vulnerabilities that may be found in our site or application.
EMPTrust is committed to working with the security community to verify and respond
to any potential vulnerabilities that are reported to us. The EMPTrust security
team acknowledges the valuable role that independent security researchers play in
Additionally, EMPTrust pledges not to initiate legal action against security researchers
for penetrating or attempting to penetrate our systems as long as they adhere to
the conditions below.
Testing for security vulnerabilities:
Conduct all vulnerability testing against Trial or Developer Edition organizations
(instances) of our online services to minimize the risk to our customers’ data.
Reporting a potential security vulnerability:
- Privately share details of the suspected vulnerability with EMPTrust by sending
an email to the security team at EMPTrust.
- Provide full details of the suspected vulnerability so the EMPTrust security team
may validate and reproduce the issue
EMPTrust does not permit the following types of security research:
- Causing, or attempting to cause, a Denial of Service (DoS) condition
- Accessing, or attempting to access, data or information that does not belong to
- Destroying or corrupting, or attempting to destroy or corrupt, data or information
that does not belong to you
The EMPTrust security team commitment:
To all security researchers who follow this EMPTrust Vulnerability Reporting Policy,
the EMPTrust security team commits to the following:
- To respond in a timely manner, acknowledging receipt of your report
- To provide an estimated time frame for addressing the vulnerability
- To notify the reporting individual when the vulnerability has been fixed
EMPTrust does not compensate people for reporting a security vulnerability, and
any requests for such compensation will be considered a violation of the conditions
above. In such an event, EMPTrust reserves all of its legal rights