Responsible Disclosure Policy
Responsible Disclosure Policy
Think you found a vulnerability in one of our systems? Please report this by sending an email to responsible-disclosure@cyberfusion.io. On this page, you will find the information you need to send, and the procedure.
The report will be treated confidentially. We do not share your personal data with third parties without permission - unless this is necessary to comply with a legal obligation.
It is possible to submit the report under a pseudonym.
Please include this information about any vulnerability
- Description.
- Reproducible example.
- IP address or URL of affected system.
- Any additional information.
Conditions
- Do not abuse any vulnerability. For example, do not download more data than necessary.
- If necessary, share the vulnerability with others only after it has been resolved.
- Do not use attacks on physical security, social engineering, distributed denial of service, and spam or third-party applications.
- Adhere to these conditions? Then we will not take legal action.
After the notification has been sent
- You will receive a substantive response to the report within 3 days.
- You will be kept informed of the progress.
After any vulnerability has been resolved
- Delete any confidential data.
- Want your name to be published in the 'hall of fame' below? Let us know.
- The possible reward depends on the scope.
- We would like to be involved in any publication.
Hall of Fame
Kunal Mhaske
Reported a clickjacking vulnerability on platform.cyberfusion.io, and an imperfection in the 'password reset' procedure.
Legal or privacy questions?
Email info@cyberfusion.io