Please read this page carefully and completely.
It sets forth
Fluid Attacks’ expectations
regarding how our employees, partners, allies, and customers
interact in our mutual business environment.
`Fluid Attacks is committed to maintaining a high degree of professionalism,
integrity, reliability, and ethics
with the expectation that those involved act
in accordance with the law and company policies.
Understanding our expectations and compliance with them
is expected at all levels of our interaction.
Failure to meet the principles set forth here
could result in penalties and/or criminal sanctions
and the termination of all business relations with
Fluid Attacks is a Colombian company.
We firmly believe in, and conduct business
in accordance with, our principles.
Our principles, therefore, are not negotiable.
Our principles are:
Fluid Attacks honesty is paramount
in all our business interactions.
Truthfulness, trustworthiness, reliability, and integrity
is what we bring to our business relationships
and what we expect in return.
Fluid Attacks’ results are achieved
through the collaborative effort of all our staff.
We are a team. Therefore, we maintain, and expect,
dignified and respectful treatment
for all members of the `Fluid Attacks team.
Fluid Attacks will fulfill all our commitments
with dedication, perseverance and
on excellence for all our customers.
Following are some examples of how our values and principles operate in our business interactions with customers:
All detected vulnerabilities are reported: No detected vulnerabilities are stored for future personal or organizational use.
Attacks are only carried out with authorization from the client and in personal test environments or environments created to be hacked (CTFs, challenge sites, etc.). Attacks are not carried out as a test, outside of work hours, or outside of the organization to third parties (partners, other companies, friends, etc.).
The vulnerabilities found by the hacker are not revealed:
Detected vulnerabilities are only revealed to the client
and authorized people working directly on the project.
Hackers do not reveal any information regarding vulnerabilities,
nor their existence, to any unauthorized person
inside or outside of
Any infection installed for an attack is uninstalled: After finishing a client’s project all the software installed to infect the system is completely removed. If this is not possible, the client is notified in writing regarding the details of this situation.
All detected security issues are reported: If we know a security issue exists, it is reported in writing to the client.
Fluid Attacks discovers any errors, or missteps,
on our part during work on your project, we will inform you,
take full responsibility for any impacts and repercussions,
and do whatever is required to fix them.
In our company the process is every bit as important as the result. This is why we adhere to the principles laid out in the Principles section above and expect in-kind treatment for everyone involved in your project.
Our business complies with all employer/employee regulations and laws, such as fair labor practices, overtime compensation, equal employment opportunity, etc. as set forth by Colombian law.
We permanently monitor and manage the risks associated with our clients' information.
All matters related to the breach of our values can be reported through firstname.lastname@example.org