1. Purpose and Scope
This page sets the expectations regarding the behaviour of partners, employees and allies in everyday situations. Fluid Attacks is committed to always having an integral and correct behaviour and expects all members to act in accordance with the law and company policies. Understanding and compliance is expected from everyone. The failure to meet the principles hereby stated could imply penalties and/or criminal sanctions and could result in the end of all relations with Fluid Attacks.
Fluid Attacks is a Colombian company that firmly believes and stands by their principles, they are proudly promoted and defended. Our principles are not negotiable.
Here they are in order of priority:
HONESTY, for Fluid Attacks the truth is the greater good and always prevails over everything else. Everyone´s words and actions must reflect legitimacy, fraud is considered a very serious fault.
The TEAM, All results in Fluid Attacks are achieved through the collaborative work of all the staff. It is a team effort. Therefore, we promote a dignified and respectful treatment for everyone with equality of opportunities.
DISCIPLINE, understood as the sum of the fulfillment of all commitments, dedication, effort and perseverance.
Below we detail only some of the behaviors that should be manifested as direct involvement of the adherence to our ethical code, our values and principles:
Any detected vulnerability is reported: There are no vulnerabilities that are detected and stored for future use, personal or organizational.
Attacks are only carried out when there is authorization from the client, in personal test environments or environments created to be hacked (CTFs, challenge sites, etc): Neither as a test, nor in time outside labor hours, nor outside the organization attacks are made to third parties (partners, other companies, friends, etc.).
The vulnerabilities found by the hacker are not revealed: The hacker who finds the vulnerability does not tell anyone inside Fluid Attacks or even his family circle, about the details or the very existence of the vulnerabilities he discovers or knows. Only the client and the people in the project should know about them.
Any infection made during an attack is disinfected: After finishing a project all the software installed to infect is completely uninstalled or if this is not possible, this situation is notified to the client in writing.
Any security issue that we find out is reported: If we know of a security issue, whether accidental or intentional, it is communicated in writing or by a witness at higher levels of authority of the people involved in the issue.
Faced an error of any nature, the fault is recognized without excuses: Faced a lack of commitment of any nature involving a person of Fluid Attacks with any third party, we recognize the fault immediately, explicitly, directly, face-to-face and without excuses before all those affected by said fault.
In our company, the process is more important than the result. This is why we reject and frown upon any type bribe, monopolies or disloyal competition. On the contrary, we favor fair business practices the same way we promote all support to our employees and allies.
Each and everyone of our employees is affiliated to social security for 100% of their salaries. Our business hours are within the legal boundaries established by Colombian law, however, in the cases where hours are exceeded, employees may request compensation. We reject child labor.
5. Safekeeping of Information
We are permanently monitoring and managing the risks associated with the information of our clients.
6. Problems and Complaints
All matters related to the breach of our values can be reported through firstname.lastname@example.org