Vulnerability Reporting Program

    Overview

    Signority highly values the community’s professional expertise in uncovering and reporting software vulnerabilities and bugs. This makes a stronger and safer Internet community for everyone. While we do not receive many reports, we highly value each suspected vulnerability or bug reported to us and take each one seriously, through to remediation when required. This program does not provide monetary rewards for submissions; however we will publicly acknowledge the submitter, in our release notes, if agreed to.

    The Process

    Individuals who are the first to report a vulnerability will be the one acknowledged once the vulnerability or bug is confirmed and resolved if the submitter wishes to be publicly acknowledged. If there are additional individuals involved in researching the vulnerability or bug, please provide their name(s) and what their contribution was to the findings when submitting the report.

    Our Policies

    To protect our customers, we request that reporting individuals wait to publicly announce the find until a resolution has been created and tested thoroughly and then communicated to our customers.

     

    Please do not test for phishing, social engineering, or denial of service; engage in any activity that can potentially or actually cause harm to Signority, our customers, or our employees; or engage in any activity which violates the law.

    Contact Information

    Please send suspected vulnerabilities and bugs to security@signority.com and include the following information:

     

    • Concise steps to reproduce the vulnerability or bug.
    • The impact of the vulnerability or bug, if known.
    • Technical details about the finding, including URL(s) information and screenshots.

     

    We will keep the reporting individual updated as our research and remediation is in progress.