(888) 959-6066 info@icapitalfunds.com

Security Policy

V & M Consulting Group LLC is committed to resolving security vulnerabilities quickly and carefully. In order to protect our users and their data, we request that vulnerabilities be responsibly and confidentially reported to us so that we may investigate and respond accordingly. Vulnerabilities should not be announced until we have developed and rolled-out an update.


Unpermitted Uses of iCapital Website and Unpermitted Types of Security Research

  • Intentionally harming the experience or usefulness of the service to others
  • Causing, or attempting to cause, a Denial of Service (DoS) condition
  • Accessing, or attempting to access, data or information that does not belong to you
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
    Ā 

If you are researching security issues, especially those which may compromise the privacy of others, please do so cautiously in order to respect our usersā€™ privacy. When possible, you should conduct all vulnerability testing against non-production instances of our products to minimize the risk to data and services.

How to Report a Security Vulnerability

All security vulnerabilities are reviewed and tracked through our HackerOne bug submission program. This program is currently not public, but you may request access by emailing our security team atĀ info@icapitalfunds.com.Ā 
Please allow up to 48 hours for your request to be received and your invite to be processed by V & M Consulting Group LLC security team.

Provide details of the potential vulnerability so the V & M Consulting Group LLC Security Team may validate and reproduce the issue quickly. Without the below information, it may be difficult if not impossible to address the potential vulnerability. Reports listing numerous potential vulnerabilities without detail will not be addressed without further clarification.

Details should include:

  • Type of vulnerability
  • A concrete attack scenario. How will the problem impact V & M Consulting Group LLC, its users, and partners? What is the worst thing that could happen if an attacker takes advantage of this security flaw?
  • Whether the information has been published or shared with other parties;
  • Affected products and versions
  • Affected configurations
  • Step-by-step instructions or proof-of-concept code to reproduce the issue.

Out of Scope Vulnerabilities

We review security issues on a case-by-case basis. Here are some of the common low-risk issues that might not be considered serious security vulnerabilities by V & M Consulting Group LLC:

  • Flaws affecting the users due to out-of-date browsers and plugins
  • Clickjacking on pages without sensitive content, authentication, or state changing actions
  • Vulnerabilities dependent upon social engineering techniques
  • Brute force protection on login page
  • Logout cross-site request forgery
  • Any physical attempts against iCapital property or data centersĀ 

Our Security Commitment

For all security vulnerability reporters who follow this policy, V & M Consulting Group LLC will attempt to do the following:

  • Acknowledge the receipt of your report
  • Investigate in a timely manner, confirming the potential vulnerability where possible
  • Provide a plan and timeframe for addressing the vulnerability if appropriate
  • Notify the vulnerability reporter when the vulnerability has been resolvedĀ 

Acknowledging Contribution

V & M Consulting Group LLC is pleased to recognize those who have helped make V & M Consulting Group LLC services safer by finding and reporting security vulnerabilities according to this policy. Each name listed represents an individual or company who has privately disclosed one or more security vulnerabilities and worked with us to remediate the issue. With the agreement of the vulnerability reporter, V & M Consulting Group LLC may acknowledge the reporterā€™s contribution during the public disclosure of the vulnerability so long as the reporter complies with this policy.

V & M Consulting Group LLC does not compensate for reporting security vulnerabilities.

Changes in Policy

We may update or amend this policy at any time with or without notice to you. We encourage you to periodically review this page for the latest information on our privacy practices. If you have any questions regarding this policy, please email us at info@icapitalfunds.

Committed to resolving security vulnerabilities quickly and carefully.

Call Us