Values | Fluid Attacks

Purpose and scope

Please read this page carefully and thoroughly. Here, we at Fluid Attacks set forth our expectations regarding how our employees, partners and customers should interact in our mutual business environment. We are committed to maintaining a high degree of professionalism, integrity, reliability and ethics with the expectation that those involved act in accordance with the law and our company policies. Understanding our expectations and how to meet them is essential at all levels of interaction. Failure to comply with the principles set forth below could result in disciplinary penalties, criminal sanctions or the termination of all business relations with Fluid Attacks.

Principles

Fluid Attacks is a Colombian company. We firmly believe in our principles and conduct business in accordance with them. Therefore, our principles are not negotiable.

Our principles are:

Honesty: At Fluid Attacks, honesty is paramount in all our business interactions. Truthfulness, trustworthiness, reliability and integrity are what we bring to our business relationships and what we expect in return.
Teamwork: Fluid Attacks' results are achieved through the collaborative effort of all our staff. We are a team. Therefore, we maintain and expect dignified and respectful treatment for all members.
Discipline: At Fluid Attacks, we fulfill all our commitments with dedication, perseverance and 100% focus on excellence for all our customers.

How we apply our principles

The following are some examples of how our values and principles operate in our business interactions with customers:

We do not keep records of vulnerabilities after projects are closed: No detected vulnerabilities are stored for future personal or organizational use.
We only carry out attacks with authorization from the client and in personal test environments or environments created to be hacked (CTFs, challenge sites, etc.): Attacks are not carried out as a test, outside of work hours or outside of the organization to third parties (partners, other companies, friends, etc.).
The vulnerabilities we find are confidential: Detected vulnerabilities are only revealed to the client and authorized people working directly on the project. Hackers do not reveal any information regarding vulnerabilities, nor their existence, to any unauthorized person inside or outside of Fluid Attacks.
We uninstall any infection that we previously installed for an attack: After finishing a client's project, all the software installed to infect the system is completely removed. If this is not possible, the client is notified in writing regarding the details of this situation.
We report all detected security issues: If we know a security issue exists, we report it in writing to the client.
We assume responsibility: If we at Fluid Attacks discover any errors or missteps on our part during work on a client's project, we inform the client, take full responsibility for any impacts and repercussions, and do whatever is required to fix them.

Ethics

In our company, the process is every bit as important as the result. This is why we adhere to the principles described above and expect the same of everyone involved in a client's project.

Our business complies with all employer/employee regulations and laws, such as fair labor practices, overtime compensation, equal employment opportunity, etc., as mandated by Colombian law.

Safekeeping information

We permanently monitor and manage the risks associated with our clients' information.

Problems and complaints

All matters related to violations of our values can be reported at [email protected].