Vulnerability policy
Nearpill Vulnerability Management Policy
Nearpill is committed to protecting the security of our website and the data of our users. This vulnerability management policy outlines the steps we take to identify, assess, and remediate vulnerabilities in our systems.
Scope
This policy applies to all systems and assets owned or operated by Nearpill.
Responsibilities
The following individuals and teams are responsible for implementing this policy:
Security team: The security team is responsible for identifying, assessing, and remediating vulnerabilities in Nearpill's systems.
Asset owners: Asset owners are responsible for ensuring that their assets are properly scanned and patched for vulnerabilities.
All employees: All employees are responsible for reporting any security vulnerabilities they discover to the security team.
Vulnerability identification
The security team will use a variety of methods to identify vulnerabilities in Nearpill's systems, including:
Vulnerability scanning: The security team will use vulnerability scanners to scan Nearpill's systems for known vulnerabilities.
Vulnerability disclosure programs: The security team will participate in vulnerability disclosure programs to receive reports of vulnerabilities from ethical hackers.
Employee reporting: All employees are encouraged to report any security vulnerabilities they discover to the security team.
Vulnerability assessment
Once a vulnerability has been identified, the security team will assess its severity. Severity is determined by a number of factors, including the impact of the vulnerability, the likelihood of exploitation, and the availability of a patch.
Vulnerability remediation
The security team will remediate vulnerabilities in a timely manner. The remediation process will vary depending on the severity of the vulnerability. For high-severity vulnerabilities, the security team will work to remediate them immediately. For low-severity vulnerabilities, the security team may implement a workaround or defer remediation until a later date.
Communication
The security team will communicate the status of vulnerability remediation to asset owners and other stakeholders. The security team will also notify users of any vulnerabilities that could impact their security.
Incident response
If a vulnerability is exploited, the security team will follow the Nearpill incident response plan to mitigate the impact of the incident.
Review and improvement
The security team will review this policy on a regular basis to ensure that it is effective. The security team will also make changes to this policy as needed to reflect changes in Nearpill's security environment.
Effective date
This policy is effective as of June 21, 2023.
Changes to this policy
Changes to this policy will be made in writing and will be communicated to all affected parties.