Improving the Security of CyberSentriq's Products and Services
CyberSentriq values the work of security experts and supports a coordinated approach to responsibly improving the security of all products and services.
CyberSentriq is dedicated to working with the security research community to investigate, reproduce and where practical, address any legitimate reported vulnerabilities. The community is actively encouraged to participate in CyberSentriq’s responsible reporting process.
If you are a security expert and would like to report a security vulnerability, please send an email to: bugbounty@cybersentriq.com. Provide your name, contact information, and company name (if applicable) with each report.
Responsible Disclosure Guidelines
CyberSentriq will investigate legitimate reports and make every effort to address quickly any vulnerability discovered. To encourage responsible reporting, CyberSentriq will work alongside you to address legitimate reports if you comply with the following Responsible Disclosure Guidelines (RDG):
- Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability
- Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of CyberSentriq’s services
- Preferably, use the CyberSentriq Preview environment for any investigations
- Do not modify or access data that does not belong to you
- Give CyberSentriq a realistic timeframe to correct the issue before making any information public
CyberSentriq offers bug bounties to security researchers for reports that meet the following criteria:
- Vulnerability report must be newly reported (not already logged),
- Vulnerability report must carry a determined severity rating (Low, Medium, High or Critical) as provided by our software security team,
- Vulnerability report must be a first-party issue. E.g., relates to software or services developed by CyberSentriq and not a supplier of CyberSentriq
- The vulnerability report must be clearly articulated and well-reasoned, with all steps clearly documented. Video or screen recordings also qualify. Where possible scripts or workings should be provided too, so that these can be tested and validated
CyberSentriq will attempt to respond to your report within three business days.