Responsible Disclosure

Think you found a vulnerability in one of our systems? We want to hear about it. Report it to responsible-disclosure@cyberfusion.io and we will work with you to fix it.

Step 1

Report the vulnerability

Send an email to responsible-disclosure@cyberfusion.io with the following information:

A description of the vulnerability
A reproducible example demonstrating the issue
The IP address or URL of the affected system
Any additional information that helps us understand the issue

You can submit your report anonymously. Your report will be treated confidentially and your personal data won't be shared with third parties without your consent, unless legally required.

Step 2

What we ask of you

To keep this process fair for everyone:

Don't exploit the vulnerability beyond what is necessary to demonstrate it
Don't share details about the vulnerability until it has been resolved
Don't perform physical security attacks, social engineering, DDoS attacks, or spam
Don't target third-party applications

If you follow these conditions, we won't pursue legal action against you.

Step 3

Our response

You will receive a substantive response within 3 days. We keep you updated on our progress as we work on a fix.

Step 4

After resolution

Once the vulnerability has been resolved, we ask that you delete any confidential data obtained during your research. If you would like to be publicly recognised, we will add you to our Hall of Fame below. Rewards vary based on the severity of the vulnerability. We ask to be involved in any public disclosure.

Hall of Fame

Security researchers who responsibly disclosed vulnerabilities in our systems.

Kunal Mhaske Reported a clickjacking vulnerability and a password reset imperfection

Hari Krishnan Reported a password reset procedure imperfection

Got a question? Email or call William.

William David Edwards · founder

sales@cyberfusion.io +31 (0)40 711 44 96

See more contact options →