AMC takes privacy and security of our customers, employees, suppliers seriously. While AMC welcomes security researcher’s insights to our online websites, mobile applications, and social media platforms, we require that the engagement occurs in a responsible manner in accordance with our Responsible Vulnerability Disclosure Policy.
Responsible Vulnerability Disclosure Policy
Security research and disclosure conducted in good faith seeks to protect the AMC ecosystem. In particular, good faith disclosure avoids violating trust and potential cause of harm to AMC, its customers, employees, and suppliers.
Violations of AMC Responsible Vulnerability Disclosure Policy:
- Public disclosure of vulnerabilities (confirmed or potential) without AMC’s consent
- Violating AMC intellectual property, trademarks, or copyrights.
- Impacting the privacy of customer data or customer account of AMC
- Performing any testing against AMC technical environment that could result in denial of service or performance degradation
- Conducting research at any AMC facilities, theatres, or events
- Testing non-AMC applications or services in our digital estate through social engineering and deceptive techniques
- Modification, exfiltration, or exposure of AMC customer data or account information
- Submission of extraneous irrelevant information or disclosure outside the submission guidance process herein
- Maintaining our sensitive data for purposes beyond intent to disclose vulnerabilities to AMC
Vulnerabilities communicated and managed in line with this policy benefit AMC, its customers, and the Cybersecurity community as a whole. If you conduct your security research and disclosure as authorized under this Policy and otherwise in good faith, AMC will not take legal action against you related to such activities. AMC reserves all its legal rights in the event of any adverse impacts and noncompliance of any individual or organization’s actions.
AMC will engage security researchers who submit viable vulnerabilities in accordance with this Policy and is committed to coordinating on a best effort basis. AMC does not offer monetary rewards for vulnerability submissions.
AMC may modify or terminate this Policy at any time. Please review periodically to ensure you understand the current Policy.
Responsible Vulnerability Disclosure Process:
Please send details of the security vulnerabilities by sending us an email to email@example.com. Please ensure your submission contains the following information:
- Clear description of issue
- Full URL indicating where discovered
- Steps to reproduce the issue
- Recommendation(s) to resolve issue(s) if known