HomeSolutionsEfficient Frontier InsuranceAbout usContact us

Product Security

Kalepa values the work done by security researchers in improving the security of our product offerings. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process.

We encourage anyone to report security issues to security@kalepa.com.

Responsible Disclosure Guidelines

We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we will not take legal action against you nor ask law enforcement to investigate you provided you comply with the following Responsible Disclosure Guidelines:

  • Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC).
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
  • Do not modify or access data that does not belong to you.
  • Give Kalepa a reasonable time to correct the issue before making any information public.
  • Please don't perform research that could impact other users. Secondly, please keep the reports short and succinct. If we fail to understand the logics of your bug, we will tell you.

How should reports be formatted?

We would like you to format your reports like this:

Name: %name
Twitter: %twitter
Bug type: %bugtype
Domain: %domain
Severity: %severity
URL: %url
PoC: %poc
CVSS (optional): %cvss
CWSS (optional): %cwss

Which domains are in scope?

The domains kalepa.com, kalepainsurance.com, kalepa.co, and kalepa.io and any subdomain.

What bugs are eligible?

Any typical web security bugs such as:

  • Cross-site Scripting
  • Open redirect
  • Cross-site request forgery
  • File inclusion
  • Authentication bypass
  • Server-side code execution

What bugs are NOT eligible?

Typical "no impact" bugs such as:

  • Missing Cookie flags on non-session cookies or 3rd party cookies
  • Logout CSRF
  • Social engineering
  • Denial of service
  • SSL BEAST/CRIME/etc
  • Email spoofing, SPF, DMARC & DKIM.
Privacy PolicyProduct SecurityCookie Preferences
© 2022 Kalepa Corporation. All Rights Reserved.
Insurance services provided by Kalepa Insurance Services, LLC, a licensed Property & Casualty (“P&C”) insurance producer in the states where it transacts insurance. Insurance products, on admitted or non-admitted basis, are available only to insureds in such states. All coverages are subject to policy terms, conditions, and exclusions. For advice regarding your particular insurance needs, you should speak with your broker or agent to ensure that you have the appropriate coverages and limits.
© 2022 Kalepa Corporation. All Rights Reserved.
Insurance services provided by Kalepa Insurance Services, LLC, a licensed Property & Casualty (“P&C”) insurance producer in the states where it transacts insurance. Insurance products, on admitted or non-admitted basis, are available only to insureds in such states. All coverages are subject to policy terms, conditions, and exclusions. For advice regarding your particular insurance needs, you should speak with your broker or agent to ensure that you have the appropriate coverages and limits.