Security


About

Security is a top priority for Cognism because it’s fundamental to everything we do, our customers and our product. For this reason, we have implemented a number of security measures and we’re committed to securing application data, eliminating vulnerabilities and ensuring business continuity.

For questions regarding security please email [email protected]

Vulnerability Disclosure

If you would like to report a vulnerability or have any security concerns with any of Cognism’s products, please contact [email protected].

Include a proof of concept, a list of tools used (including versions), and the output of the tools. We take all disclosures very seriously. Vulnerability bounties (aka bug bounties) are determined on a case-by-case basis.

Rules for you

  • Don’t attempt to gain access to another user’s account or data.

  • Don’t perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed.

  • Don’t publicly disclose a bug before it has been fixed.

  • Only test for vulnerabilities on sites you know to be operated by Cognism.

  • Do not impact other users with your testing.

  • Don’t use scanners, scrapers or any other automated tools in your testing.

  • Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.

  • When in doubt, contact us at [email protected].

Rules for us

  • We will respond as quickly as possible to your submission.

  • We will keep you updated as we work to fix the bug you submitted.

  • We will not take legal action against you if you play by the rules.


What does not qualify?

  • Bugs that don’t affect the latest version of modern browsers (Chrome, Firefox, Edge, Safari). Bugs related to browser extensions are also out of scope.

  • Bugs requiring exceedingly unlikely user interaction.

  • Submissions which don’t include steps to reproduce the bug, or only include those steps in video form.

  • Insecure cookie settings for non-sensitive cookies.

  • Disclosure of public information and information that does not present significant risk.

  • Bugs in content/services that are not owned/operated by Cognism.

  • Scripting or other automation and brute forcing of intended functionality.

  • When in doubt, contact us at [email protected].

Bug Bounty Awards:

  • Critical Severity Vulnerability: $1200

  • High Severity Vulnerability: $600

  • Medium Severity Vulnerability: $300

  • Low Severity Vulnerability: $150