Although our team of Security Engineers are making every effort to mitigate all the Vulnerabilities in our applications and systems, BriskInfosec invites independent security groups and individual researchers to find and report vulnerabilites in our systems and applications to help us make it even safer for our Clients. It is our mission to keep our Clients safe online by providing secure products to protect them and maintain their privacy. We constantly monitor and test our applications and systems but are aware that as a global Cyber Security company, we will always be a target for cybercriminals. If you discover a vulnerability in our products, website, or system, we appreciate your cooperation in responsibly investigating and reporting it to us so that we can address it as soon as possible. We take all reports regarding a security issue seriously and will work with you to thoroughly analyze your findings.
Report any indications for a potential security vulnerability to BriskInfosec by emailing [email protected] You can submit the vulnerability report anonymously if you don't want to disclose your identity.
Guidelines & Rules
Don't violate the privacy of other Client users, destroy data, disrupt our services (Website pentest), etc
Provide detailed information about your findings with proper explanation about the vulnerability, its business logic impacts and steps to reproduce the issue (including available indications, for example, IP addresses, logs, screenshots).
Do not take advantage of the vulnerability or the problem you have discovered for ex: attempts to exploit vulnerability that disrupts the busisness flow of applications, tampering with clients data for demonstrating the vulnerability etc., In such case BriskInfosec has the authority to take legal action and disqualify your report.
Do not disclose information about the vulnerability publicly until we have taken action to fix it completely.
Once you report a vulnerability to us, we will respond within Five business days to work with you on evaluating the issue and determining next steps.
We will handle your report with strict confidentiality, and will not pass any of your details to any third party without your explicit permission. We will keep you informed of progress as we resolve the issue.
If eligible for hall of fame, With your permission, we will credit you by giving your name as the discoverer of the problem (unless you do not want us to), and you will be a proud member of BriskInfosec's Responsible Disclosure hall of fame.