# ITVDesk Vulnerability Disclosure Policy (VDP)
## 1. Purpose ITVDesk is committed to maintaining the highest security standards for our software products and services. We recognize the valuable role that independent security researchers play in helping us achieve this goal.
## 2. Scope
This policy applies to all ITVDesk software products and services, including:
- ITVDesk desktop applications (Windows, macOS, Linux)
- ITVDeskWatcher background service
- ITVDesk licensing and update systems
- itvdesk.eu domain and subdomains
## 3. Reporting a Vulnerability
If you discover a potential vulnerability, please notify us by email:
📧 **Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它**
Please include:
- a detailed description of the issue
- steps to reproduce (if possible)
- affected version(s) or platform(s)
### Do’s
✅ Provide a clear, technical description
✅ Report privately and responsibly
✅ Allow us reasonable time to fix the issue before disclosure
### Don’ts
🚫 No denial-of-service (DoS) testing
🚫 No data extraction or access to user data
🚫 No attacks against live customer systems
## 4. Our Commitment
- We will acknowledge your report within **72 hours**
- We will provide a status update within **7 business days**
- We may publicly credit responsible disclosures (with your consent)
## 5. Legal Safe Harbor
If you follow this policy in good faith, ITVDesk will not pursue legal action against you for your testing activities.
_Last updated: October 2025_
