Pricing Watch a Demo Get a Demo
Pricing Watch a Demo Get a Demo
Get a Demo

Cynet Responsible Disclosure Policy

 

At Cynet, we prioritize the security and trust of our customers. We recognize the invaluable role that security researchers and the broader community play in identifying potential vulnerabilities. We are committed to working collaboratively to address and remediate any security issues promptly.

 

Our Commitment to You

When you report a vulnerability to Cynet:

  • Acknowledgment: We will acknowledge receipt of your report within 7 business days.
  • Investigation: Our security team will investigate the reported issue promptly.
  • Transparency: We will keep you informed of the progress and any remediation steps.
  • Credit: With your permission, we will acknowledge your contribution in our security advisories or release notes.

 

Guidelines for Responsible Disclosure

To ensure a constructive and secure process:

  • Good Faith: Engage in responsible research without violating privacy, disrupting services, or accessing unauthorized data.
  • Confidentiality: Do not disclose the vulnerability publicly until we have addressed it and given you permission.
  • Detailed Reports: Provide comprehensive details to help us understand and reproduce the issue, including:
    • Description of the vulnerability.
    • Steps to reproduce.
    • Potential impact.
    • Any relevant screenshots or proof of concept.

 

Reporting a Vulnerability

If you believe you’ve discovered a security vulnerability in our systems or products, please contact us at: [email protected]

Please include:

  • A clear description of the issue.
  • Steps to reproduce the vulnerability.
  • Any supporting materials (e.g., screenshots, logs).

 

Scope

Our Responsible Disclosure Policy applies to:

  • In-Scope:
    • All public-facing web applications owned by Cynet.
    • APIs and services provided by Cynet.
    • Cynet endpoint agent applications
  • Out-of-Scope:
    • Third-party services and applications.
    • Social engineering or phishing attacks.
    • Physical security vulnerabilities.

 

Legal Safe Harbor

We will not initiate legal action against researchers who:

  • Act in good faith to report vulnerabilities.
  • Adhere to this Responsible Disclosure Policy.
  • Avoid privacy violations, service disruptions, and unauthorized data access.

 

 

Search results for: