Responsible Disclosure Policy
1. Purpose
The purpose of this policy is to record the procedures of MultiChoice Group concerning communications with the media and Security Professionals in order to avoid selective or unlawful disclosure of non‐public Information.
The details contained in this policy represent a summary of the legal and regulatory provisions relating to the disclosure of information. It should therefore not be used as a substitute for specific legal advice.
MultiChoice South Africa is the data controller for the following platforms/services:
All the above sites can be accessed from our main MultiChoice Group online platform www.multichoice.com
2. Applicability
This responsible disclosure policy is applicable to customers or guests, namely a person who accessed or registers on the MultiChoice Group platforms.
3. Policy Statement
MultiChoice Group aims to keep information and data secured from unlawful disclosure or access.
If you are a security researcher and have discovered a security vulnerability or a suspected security vulnerability in any of our services, we appreciate your help in disclosing it to us in a responsible manner.
You can assist us by:
- Ensuring that the vulnerability is not publicly disclosed before MultiChoice Group has had a reasonable period to fix the vulnerability
- Keep communication channels open to allow effective collaboration
- Use the provided communication channel to report all vulnerabilities
We will validate, respond and rectify vulnerabilities disclosed in accordance with our commitment to security and privacy.
MultiChoice Group will not take legal action or suspend or terminate access to Services of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy.
MultiChoice Group reserves all its legal rights in the event of any non-compliance.
4. Testing
You may test only against an account for which you are the account owner, or any party authorized by the account owner to conduct such testing.
In no event are you permitted to access, download or modify data residing in any other account but your own.
You are also prohibited from:
- executing or attempting to execute any Denial of Service attacks;
- knowingly posting, transmitting, uploading, linking to, sending or storing any Malicious Software;
- testing in a manner that would degrade the operation of the Services;
- testing third party applications or websites or services that integrate with or link to the Services.
5. Guidelines for Reporting
We require that all security researchers use the identified communication channel provided (i.e. responsible disclose form on the website) to report all suspected vulnerability information to Multichoice Group and keep all information found confidential.
Security researchers are to share the details of any suspected vulnerabilities with the MultiChoice Team by completing the Responsible Disclosure Form (below). Please do not publicly disclose these details without express written consent from MultiChoice Group.
6. Our Commitment
If you identify a verified security vulnerability in compliance with this Responsible Disclosure Policy, MultiChoice commits to:
- Promptly acknowledge receipt of your disclosure.
- Provide an estimated timeline for resolution of the issues, problems or vulnerabilities disclosed.
- Notify you when the resolution for the disclosure is in place.