Security

About

Security is a top priority for Cognism because it’s fundamental to everything we do, our customers and our product. For this reason, we have implemented a number of security measures and we’re committed to securing application data, eliminating vulnerabilities and finally ensuring business continuity

For questions regarding security please email [email protected]

Vulnerability Disclosure 

If you would like to report a vulnerability or have any security concerns with any of Cognism products, please contact [email protected]

Include a proof of concept, a list of tools used (including versions), and the output of the tools. We take all disclosures very seriously. Vulnerability bounties (aka bug bounties) are determined on a case by case basis.

Rules for you

  • Don’t attempt to gain access to another user’s account or data.
  • Don’t perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed.
  • Don’t publicly disclose a bug before it has been fixed.
  • Only test for vulnerabilities on sites you know to be operated by Cognism.
  • Do not impact other users with your testing.
  • Don’t use scanners, scrapers or any other automated tools in your testing.
  • Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
  • When in doubt, contact us at [email protected]

Rules for us

  • We will respond as quickly as possible to your submission.
  • We will keep you updated as we work to fix the bug you submitted.
  • We will not take legal action against you if you play by the rules.

What does not qualify?

  • Bugs that don’t affect the latest version of modern browsers (Chrome, Firefox, Edge, Safari). Bugs related to browser extensions are also out of scope.
  • Bugs requiring exceedingly unlikely user interaction.
  • Submissions which don’t include steps to reproduce the bug, or only include those steps in video form.
  • Insecure cookie settings for non-sensitive cookies.
  • Disclosure of public information and information that does not present significant risk.
  • Bugs in content/services that are not owned/operated by Cognism.
  • Scripting or other automation and brute forcing of intended functionality.
  • When in doubt, contact us at [email protected]