Dorothy.com - Take Me Home - Where members buy, sell and rent properties

Security and Vulnerability Policies

Security

Dorothy.com is powered by LEOSM on the Salesforce Platform™, which means you gain all of the security benefits provided by salesforce.com. Therefore, the following information is adapted from the Salesforce.com Security Statement.

Security Statement

When you access our site using industry standard Secure Socket Layer (SSL) technology, your information is protected using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered members.

Dorothy.com provides each member in your organization with a unique username and password that must be entered each time a member logs on. Dorothy.com® issues a session “cookie” only to record encrypted authentication information for the duration of a specific session. The session “cookie” does not include either the username or password of the member. Dorothy.com® does not use “cookies” to store other confidential member or session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.

In addition, Dorothy.com® services are hosted by salesforce.com in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders.

Vulnerability Reporting Policy

Dorothy.com acknowledges the valuable role that independent security researchers play in Internet security. Keeping our customers’ data secure is our number-one priority, and we encourage responsible reporting of any vulnerabilities that may be found in our site or application. Dorothy.com®, in partnership with Salesforce.com, is committed to working with the security community to verify and respond to any potential vulnerabilities that are reported to us. Additionally, Dorothy.com® and Salesforce.com pledge not to initiate legal action against security researchers for penetrating or attempting to penetrate our systems as long as they adhere to the conditions below.

Conduct all vulnerability testing against Trial or Developer Edition organizations (instances) of our online services to minimize the risk to our customers’ data. Bricks are used to determine profit sharing allocations only.
Details of suspected vulnerability will be privately shared with Dorothy.com® by parties sending an email to security [at] Dorothy.com.
Full details of the suspected vulnerability will be provided so the Dorothy.com® security team so they may validate and reproduce the issue.

Dorothy.com and Salesforce.com do not permit the following types of security research:

Causing, or attempting to cause, a Denial of Service (DoS) condition
Accessing, or attempting to access, data or information that does not belong to you
Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you

To all security researchers who follow this Vulnerability Reporting Policy, the Dorothy.com® security team commits to the following:

To respond in a timely manner, acknowledging receipt of your report
To provide an estimated timeframe for addressing the vulnerability
To notify the reporting individual when the vulnerability has been fixed

Dorothy.com and Salesforce.com do not compensate people for reporting a security vulnerability, and any requests for such compensation will be considered a violation of the conditions above. In such an event, Salesforce.com reserves all of its legal rights.

Changes in the Terms of Participation, Data Policy, Security and Vulnerability Policies, Digital Millennium Copyright Act, Statement of Rights and Responsibilities, State Disclosures, Media Assignment and/or Vendor NDA will be communicated in the Company newsletter.

Date of Last Revision: June 1, 2016