Skip to main content

Acceptable Use Policy

Effective Date: January 20, 2025

This Acceptable Use Policy ("AUP") governs the use of CyberSecFeed API services. By using our Service, you agree to comply with this policy.

1. Permitted Use

The CyberSecFeed API is designed for legitimate cybersecurity purposes:

  • Vulnerability management and assessment
  • Security research and analysis
  • Compliance monitoring
  • Risk assessment and prioritization
  • Integration with security tools and platforms

2. Prohibited Activities

2.1 Security Violations

You may not:

  • Attempt to breach or test the security of our systems without written permission
  • Access or use another user's account or API key
  • Interfere with or disrupt the Service or servers
  • Attempt to decrypt, reverse engineer, or derive source code
  • Use the Service to facilitate cyber attacks or malicious activities

2.2 Resource Abuse

You may not:

  • Exceed your assigned quota or rate limits
  • Use automated means to circumvent usage restrictions
  • Create multiple accounts to bypass limitations
  • Engage in mass data scraping beyond your subscription limits
  • Share or resell your API access

2.3 Illegal Activities

You may not use the Service:

  • For any unlawful purpose or to promote illegal activities
  • To violate any applicable laws or regulations
  • To infringe on intellectual property rights
  • In countries subject to U.S. trade sanctions
  • To process data you don't have rights to process

2.4 Harmful Content

You may not:

  • Submit malware, viruses, or malicious code
  • Use the Service to distribute spam or phishing attempts
  • Transmit content that is defamatory, threatening, or harassing

3. API-Specific Rules

3.1 Authentication

  • Keep your API key confidential and secure
  • Don't share API keys publicly (e.g., in code repositories)
  • Immediately report any suspected compromise

3.2 Rate Limiting

  • Respect rate limits and implement exponential backoff
  • Don't use distributed systems to circumvent rate limits
  • Cache responses appropriately to minimize requests

3.3 Data Usage

  • Use CVE data only for intended security purposes
  • Maintain attribution to original data sources where required
  • Don't misrepresent data accuracy or freshness

4. Consequences of Violation

Violations of this AUP may result in:

  • Warning notification
  • Temporary suspension of access
  • Permanent termination of service
  • Legal action for severe violations
  • Reporting to law enforcement if required

5. Reporting Violations

To report AUP violations or security concerns:

  • Email: [email protected]
  • Include detailed information and evidence
  • We investigate all credible reports

6. Cooperation

You agree to:

  • Cooperate with investigations of potential violations
  • Provide information reasonably requested for security purposes
  • Implement recommended security measures

7. Changes to This Policy

We may update this AUP as needed. Material changes will be notified via email. Continued use after changes constitutes acceptance.

Questions? Contact [email protected] for clarification on acceptable use.