Responsible Disclosure

Section wrapper Block wrapper Block section Main column ----------------- Title ## Dawex commitment on security vulnerabilities

WYSIWYG Dawex security team is committed to verify and solve any discovered potential security vulnerability. Nevertheless, any technology can contain bugs and vulnerabilities can sometimes be present. Dawex truly encourages responsible reporting of any security issue that someone may find on the data marketplace.

If a vulnerability is found, our teams are dedicated to address it quickly and transparently.

Call to action /Action /Main column Secondary column ----------------- Image column Text column /Text / Block section / Block wrapper / Section Section wrapper Block wrapper Block section Main column ----------------- Title ## Our policy on the responsible disclosure of vulnerabilities

WYSIWYG Responsible disclosure is a vulnerability disclosure model in which a vulnerability or an issue is disclosed only after a period of time that allows for the vulnerability or issue to be patched or mended. Dawex philosophy relies on the collaboration between Dawex security team and security researches as follows:

Call to action /Action /Main column Secondary column ----------------- Image column Text column /Text / Block section / Block wrapper / Section Section wrapper Block wrapper Block section Main column ----------------- Title ## Dawex Security Team

WYSIWYG
* Prioritizes efforts to resolve the  reported security issues and communicates transparently * Respects security researchers,  giving them public recognition and rewards for their contributions when appropriate * Does not take any punitive actions against finders

Call to action /Action /Main column Secondary column ----------------- Image column Text column Title ## Security Researchers

WYSIWYG
* Respect the rules and follow the process prescribed by Dawex * Respect all enforceable data regulations, and strive to respect data privacy * Assist in clarifying and support their reports when needed and communicate in good faith with the Dawex security team

Call to action /Action /Secondary Text column /Text / Block section / Block wrapper / Section Section wrapper Block wrapper Block section Main column ----------------- Title ## Reporting a vulnerability

WYSIWYG As a Security Researcher, if you believe you have found a vulnerability, please submit your report including a detailed description of your discovery with clear, concise replicable steps or a working proof-of-concept. Please, be as thorough as possible. Dawex security team may contact you for additional details.

To submit a report to the security team, email at: security at dawex.com.

Need to send us sensitive information? Use this PGP public key.

We appreciate your support.

Call to action /Action /Main column Secondary column ----------------- Image column Text column /Text / Block section / Block wrapper / Section Section wrapper Block wrapper Block section Main column ----------------- Title ## Dawex disclosure process ‌

WYSIWYG The content of the report will initially remain non-public to allow the Dawex security team enough time to design, test and publish a remediation. When the vulnerability is closed, public disclosure may be requested by either parties. We encourage a mutual open communication regarding disclosure timelines:

• If neither party raises an objection, the content of the report will be made public within 90 days.
• If the Dawex security team has evidence of active exploitation or imminent harm, it may immediately provide remediation details to the public so that users can take protective action.
• Some vulnerabilities may require a longer time frame for investigation. In this case, the report may remain non-public to ensure an adequate amount of time to address the issue. Throughout this process,  the security team will remain in open communication with the Security Researcher.
• After a 180 day period, if the security team is unable to provide a vulnerability disclosure timeline, the content of the Report may be publicly disclosed by the Security Researcher.

Call to action /Action /Main column Secondary column ----------------- Image column Text column /Text / Block section / Block wrapper / Section Section wrapper Block wrapper Block section Main column ----------------- Title ## The big security picture

WYSIWYG The responsible disclosure of vulnerabilities is part of a larger Dawex effort to ensure our technology provides safe and secure data exchange environments. Our dedication to provide proof, continuity of service, identification, trust and confidentiality is seeped into every aspect of the Dawex Data Exchange Platform.  

After obtaining SOC 1 Type I compliance, SOC 2 Type I and SOC 3, Dawex completed SOC 2 Type II Security and Availability Audit Certification in April 2022 — building on our commitment to deliver secure data exchanges.

Call to action Explore our security policy and commitments /Action /Main column Secondary column ----------------- Image column Text column /Text / Block section / Block wrapper / Section