Security Vulnerability Disclosures
Reporting
If you have identified a potential security vulnerability in CORTEX, please report it by submitting a vulnerability report here.
In your report, please include the following details:
Describe where in the product have you spotted the potential vulnerability.
Include a brief description of the type of vulnerability if you know.
Steps to help us reproduce the issue.
What happens next?
Once we receive your report, we will observe our standard Product Support processes. If you have provided us with contact details, we will assume you would like us to keep you updated and we will contact you. If you have submitted the vulnerability anonymously, we will not be able to contact you.
Guidance
If you identify any potential vulnerability you must not:
Breach any agreement between our businesses to report, to share or other notify anybody except for CORTEX Ltd, unless doing so in accordance with applicable laws, regulations or policies of your employer or customer.
Break any applicable law, regulation or other governing rules.
Exploit the vulnerability to access unnecessary, excessive, or significant amounts of data.
Attempt to disrupt or modify data, systems or services.
Attempt any form of denial of service.
You must:
Always comply with data protection rules and respect the privacy of any data. You must not share, redistribute, or improperly secure data retrieved from a potential vulnerability.
Securely delete all data retrieved during your research as soon as it is no longer required or within one month of the vulnerability being resolved, whichever comes first (or as otherwise directed by CORTEX, or as required by the governing data protection law).
This policy is designed to align with common vulnerability disclosure best practices. It does not grant you permission to act in a manner inconsistent with the law or cause CORTEX, its partners or its Customers to breach any legal obligations.
To submit a report please go here.