Responsible Vulnerability Disclosure Policy

Introduction

At TMT, the security of our systems is a top priority.

We value the contributions of security researchers and the broader security community in helping us maintain a secure environment for our users and data. This policy provides guidelines for security researchers to report potential vulnerabilities in our systems and outlines our commitment to working with the community to verify, reproduce, and respond to legitimate reports.

Scope

This policy applies to all public-facing TMT web applications and services.

While we encourage research into our systems, the following are out of scope:

• Physical security of TMT facilities
• Social engineering (e.g., phishing, vishing) of TMT employees, contractors, or customers 
• Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks 
• Reports from automated vulnerability scanners with no additional analysis
• Vulnerabilities in third-party services or applications that integrate with TMT

How to Report a Vulnerability

If you believe you have discovered a security vulnerability in one of our in-scope systems, please report it to us by emailing RDP@tmtid.com .  

To help us effectively assess your report, please include the following information:

• A detailed description of the vulnerability: including its location and potential impact. 
• Steps to reproduce the vulnerability: including any proof-of-concept scripts, screenshots, or screen captures. 
• Your contact information: (optional) so we can follow up with you for more information if needed. You can also report anonymously.

What to Expect From Us

Upon receiving your report, we are committed to the following:

• We will acknowledge receipt of your report within 5 business days.
• We will triage your report and provide an expected timeline for resolution.
• We will maintain an open line of communication with you throughout the remediation process.
• We will notify you when the vulnerability has been resolved.

Safe Harbour

TMT will not initiate legal action against security researchers who discover and report vulnerabilities in good faith and in accordance with this policy.

We consider research conducted under this policy to be authorized and will not pursue civil action or file a complaint with law enforcement for accidental, good-faith violations of this policy.

Rules of Engagement

We ask that all security researchers adhere to the following rules:

• Do not access, modify, or delete any data that does not belong to you.
• Do not disrupt any of our services or systems.
• Do not publicly disclose any vulnerability without our prior written consent. We will work with you to coordinate a public disclosure if appropriate.
• Provide us with a reasonable amount of time to resolve the issue before any public disclosure.

Acknowledgments

To show our appreciation for the security researchers who help us keep our systems secure, we would like to offer public recognition on our website. Please let us know if you would like to be publicly credited for your discovery.

What Our Customers Are Saying

"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."

MaxMind

"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”

Business Telecommunications Services

"We have had a long-standing and successful relationship with TMT ID. Our strategic partnership advances both companies’ mobile fraud solutions in a way that is truly unique in the market."

netnumber

"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."

LATRO

"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."

Global Message Service

"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."

Global Voice

"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."

Alberto Grunstein - CEO

"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."

Luisa Sanchez - VP of SMS and Messaging Solutions, Identidad Technologies

"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."

Deutsche Telekom Global Carrier

❮

❯

Ready to get started?

We provide the most comprehensive device, network and mobile numbering data available