Responsible Disclosure

Found a vulnerability in one of our systems? We'd love to hear it. Send an email to responsible-disclosure@cyberfusion.io and we'll fix it.

Report a vulnerability
Step 1

Report the vulnerability

Send an email with the following information:

  • A description of the vulnerability
  • A reproducible example demonstrating the issue
  • The IP address or URL of the affected system
  • Any additional information that helps us understand the issue

You can submit your report anonymously. Your report will be treated confidentially and your personal data will not be shared with third parties without your consent, unless required by law.

Conditions
Step 2

What we ask of you

To keep this process fair for everyone:

  • Don't exploit the vulnerability beyond what is necessary to demonstrate it
  • Don't share details about the vulnerability until it has been resolved
  • Don't perform physical security attacks, social engineering, DDoS attacks, or spam
  • Don't target third-party applications such as our customers

If you follow these conditions, we won't pursue legal action against you.

Our response
Step 3

Our response

You will receive a substantive response within 3 days. We keep you updated on our progress as we work on a fix.

After resolution
Step 4

After resolution

Once the vulnerability has been resolved, we ask that you delete any confidential data obtained during your research. If you would like to be publicly recognised, we will add you to our Hall of Fame below. Rewards vary based on the severity of the vulnerability. We ask to be involved in any public disclosure.

Hall of Fame

Security researchers who responsibly disclosed vulnerabilities in our systems.

KM

Kunal Mhaske

Reported a clickjacking vulnerability and a password reset imperfection
HK

Hari Krishnan

Reported a password reset imperfection
William David Edwards

Got a question? Call or email William.

William David Edwards · founder

See more contact options →