Report a vulnerability or security incident

Responsible Disclosure

Have you discovered a security flaw on the CerQlar platform? Please notify us before informing the outside world, so that we can first take action. Doing so is called “responsible disclosure”.

To submit a vulnerability report to CerQlar’s Product Security Team, send an email to security@cerqlar.com

We would like to ask you to please follow these steps:

  • Do give enough detail to enable us to reproduce the flaw so that it can be remedied as soon as possible. The more complicated the flaw, the more detail we will require.
  • Do include how you found the bug and any potential remediation.
  • Do leave your contact details so that we can contact you later. At least an email address or telephone number.
  • Do report the flaw as soon as possible after discovering it.
  • Do deal responsibly with the information in your possession. Do nothing beyond what is necessary to demonstrate the security flaw.
  • Do include any plans or intentions for public disclosure.

What not to do:

  • Do not send malware;
  • Do not copy, change, or delete data in the system concerned;
  • Do not change the system;
  • Do not repeatedly visit the system or share access with others;
  • Do not use “brute force” to open the system;
  • Do not try denial of service or social engineering;
  • Do not share any information about the flaw with others until it has been remedied.

What you can expect from CerQlar:

  • A timely response to your email (within two business days).
  • After triage, an expected timeline and a commitment to being as transparent as possible about the remediation timeline as well as on issues or challenges that may extend it.
  • An open dialog to discuss issues.
  • Notification when the vulnerability analysis has been addressed.
  • Credit after the vulnerability has been validated and fixed, if you wish.

Thank you.