AMS is committed to maintaining the security of our products and services. We welcome responsible reports of suspected security vulnerabilities from customers, security researchers, suppliers, and other third parties.
If you believe you have identified a security vulnerability in an AMS product, service, website, API, integration, or other customer-facing system, please report it to us using the contact details below.
Vulnerability Disclosure Policy
How To Report A Vulnerability
When reporting an issue, please provide as much of the following information as possible:
- The product, service, website, API, or integration affected
- A description of the suspected vulnerability
- The steps required to reproduce the issue
- The potential impact
- Any supporting evidence, such as screenshots, logs, or request/response details
- Your contact details, if you would like a response from us
Please send vulnerability reports to security@ams-ltd.com
What To Expect
AMS will:
- Treat vulnerability reports as confidential
- Review and triage suspected vulnerabilities promptly
- Assess the impact and take appropriate action
- Request further information where needed
- Consider whether customer notification, mitigations, workarounds, or security updates are required
Where appropriate, AMS may contact the reporter for clarification or to confirm that the issue has been understood and addressed.
Responsible Reporting
Please can we ask that you:
- Act in good faith
- Avoid any action that could harm AMS, its customers, users, or services
- Do not access, modify, delete, or exfiltrate data that does not belong to you
- Do not exploit a vulnerability beyond what is necessary to demonstrate the issue
- Do not carry out denial-of-service, destructive, or disruptive testing
- Do not use social engineering, phishing, or physical attacks
- Do not publicly disclose the issue until AMS has had a reasonable opportunity to investigate and respond
Confidentiality
AMS asks that suspected vulnerabilities are reported privately through the contact route above and not disclosed publicly until the issue has been assessed and, where necessary, remediated.
Updates and Notifications
Where a reported vulnerability is confirmed and affects supported products or services, AMS will assess whether mitigations, customer communications, or security updates are required.