
Vulnerability Disclosure Policy (VDP)

Version: 1.0
Date Issued: October 3, 2024
Effective Date: Immediately
Updated Date: April 3, 2024

Purpose

ABI Resources is committed to ensuring the security and privacy of our users, clients, and stakeholders by safeguarding digital information and maintaining secure information systems. This Vulnerability Disclosure Policy (VDP) provides guidelines for the ethical cybersecurity research community and members of the public to conduct responsible vulnerability discovery activities on ABI Resources’ public-facing systems. It establishes a clear process for submitting any discovered vulnerabilities to ABI Resources, ensuring they are used solely for defensive purposes such as mitigation and remediation.

Authorized Activities

Cybersecurity researchers ("researchers") who comply with this policy when conducting vulnerability discovery activities directed at ABI Resources’ systems will be regarded as conducting authorized activities. ABI Resources will not take legal action against researchers who abide by this policy.

Overview

At ABI Resources, maintaining the security of our systems is critical to our mission of providing services to individuals with disabilities. Vulnerabilities discovered in our information systems can potentially pose risks to the privacy and safety of our clients. This policy facilitates open communication with the cybersecurity research community to improve ABI Resources’ security posture.

Vulnerabilities submitted to ABI Resources under this policy will be used solely to mitigate or remediate risks in our networks, services, or those of our vendors.

Researchers must fully understand, review, and agree to the guidelines in this policy before conducting any testing on ABI Resources’ systems and before submitting a report.

Scope of Policy

This policy applies to all ABI Resources systems and services that are accessible from the Internet. This includes all digital assets operated by ABI Resources. If there is any uncertainty about whether a system falls within the scope of this policy, researchers are required to contact ABI Resources at ABI@CTBRAININJURY.com before conducting any further testing.

General Guidelines

To ensure activities are authorized under this policy, researchers must adhere to the following:

  1. Notify ABI Resources within 72 hours of discovering any actual or potential security vulnerabilities.

  2. Avoid privacy violations, degradation of user experience, disruption to systems, or manipulation/destruction of data.

  3. Limit testing to only those activities necessary to confirm a vulnerability.

  4. Do not exploit vulnerabilities to compromise, exfiltrate, or alter data. Do not escalate privileges or establish command line access.

  5. Do not perform lateral movement within ABI Resources’ network.

  6. Do not introduce malware during testing.

  7. Do not publicly disclose vulnerabilities without prior coordination with ABI Resources.

  8. Submit meaningful reports and avoid high volumes of low-quality or false-positive submissions.

 

If sensitive data (e.g., personally identifiable information or proprietary information) is discovered during testing, researchers must stop and report the vulnerability immediately without further accessing the data.

Test Methods

  • Testing must be limited to detecting vulnerabilities or identifying indicators of vulnerabilities in ABI Resources systems.

  • No access to or destruction of data: Researchers must not attempt to access, exfiltrate, delete, or modify ABI Resources data.

  • No disruption of services: Researchers must avoid any activity that could impair access to ABI Resources systems.

  • No public disclosure without permission: Disclosure of vulnerabilities is prohibited until the vulnerability has been remediated and explicit written authorization has been obtained from ABI Resources.

 

If at any time researchers are unsure whether to proceed with a certain activity, they must contact ABI Resources at ABI@CTBRAININJURY.com before continuing.

Reporting a Vulnerability

To submit a vulnerability report, researchers must provide a comprehensive summary of the discovered vulnerability, including:

  • Description of the vulnerability and potential impact.

  • Product, version, and configuration of any software or hardware affected.

  • Step-by-step instructions to reproduce the issue.

  • Proof-of-concept.

  • Suggested mitigation or remediation actions, if available.

 

Vulnerability reports should be submitted to ABI@CTBRAININJURY.com. If sensitive material is being submitted, encryption is recommended for data protection.

By submitting a report, researchers agree to the terms of this policy and acknowledge that their communications with ABI Resources will be stored on ABI Resources' systems for the purpose of coordinating remediation.

What You Can Expect from Us

ABI Resources is committed to:

  1. Acknowledging receipt of each vulnerability report within three (3) business days.

  2. Investigating and validating vulnerabilities to ensure appropriate actions are taken to mitigate or remediate identified risks.

  3. Maintaining open communication with researchers throughout the investigation process, including requests for additional information as necessary.

  4. Providing feedback to the researcher regarding the resolution or progress of the vulnerability report.

 

ABI Resources will not initiate legal action against researchers who comply with this policy and will, where necessary, affirm to legal authorities that the research was conducted under authorized terms.

Activities Outside the Scope of this Policy

ABI Resources does not authorize activities that are outside the scope of this policy. Such unauthorized activities include, but are not limited to:

  • Physical testing or social engineering (e.g., spear phishing, pretexting) of ABI Resources personnel or contractors.

  • Denial-of-service (DoS or DDoS) attacks or any activity that impairs access to ABI Resources systems.

  • Exploitation of vulnerabilities for malicious purposes, including establishing backdoors or command-line access.

  • Testing involving systems or assets not owned or controlled by ABI Resources.

 

Researchers engaging in activities inconsistent with this policy may face legal or civil liabilities.

Modification or Termination of this Policy

ABI Resources may modify or terminate this policy at any time without notice. Researchers are responsible for ensuring they comply with the most current version of this policy.

Contact Information

For questions, concerns, or suggestions regarding this policy, or to report vulnerabilities, please contact us at:

ABI Resources
39 Kings HWY STE C
Gales Ferry, CT 06335
Phone: 860-942-0365
Email: ABI@CTBRAININJURY.com
