Vulnerability Disclosure Process
Red Piranha develops security technologies to protect businesses around the world. To achieve this, we maintain high standards of product quality and service delivery to our customers.
In response to potential cybersecurity threats to our technology platform, our global security team has developed a vulnerability disclosure process. This allows us to monitor evolving threats and apply our process of continual improvement to ensure that we’re always ahead of the curve in technological advancements.
Contact information and vulnerability submission process
Potential security vulnerabilities or privacy issues with a Red Piranha product should be logged on our website. We ask that you please refrain from including sensitive information (eg; sample information, PII, etc.) as a part of any submissions to us. Please provide the following information in your submission:
- Your contact information (eg; name, address, phone number and email)
- Date and method of discovery
- Description of potential vulnerability
- Product name
- Version number
- Configuration details
- Steps to reproduce
- Tools and methods
- Exploitation code
- Privileges required
- Results or impact
- What happens next
Upon receipt of a potential product vulnerability submission, we will:
- Acknowledge receipt of the submission within five (5) business days
- Work with our product team to evaluate and validate reported findings
- Contact the submitter to request additional information, if needed
- Take appropriate action
Red Piranha considers it a top priority to protect the security and the personal information, of our customers.
When conducting your security research, please avoid actions that could cause harm to clients or products. Note that vulnerability testing could negatively impact a product. As such, testing should not be conducted on active products in a live environment.
Red Piranha reserves the right to modify its vulnerability disclosure process at any time, without notice, and to make exceptions to it on a case-by-case basis. No particular level of response is guaranteed. However, if a vulnerability is verified, we will attribute recognition to the researcher reporting it, if requested.