Reporting
BlueConic takes security and privacy very seriously and investigates all reported vulnerabilities.
If you would like to report a vulnerability or have a security or privacy concern regarding BlueConic, please email security@blueconic.com, so we can investigate as soon as possible.
So that we may more effectively respond to your report, please provide any supporting material (proof-of-concept code, tool output, etc.) that would be useful in helping us understand the nature and severity of the vulnerability.
Please describe the suspected vulnerability as much as possible, for example:
- Cross-site request forgery (CSRF)
- Cross-Site scripting
- Open redirector
- Privacy leaks
- Authentication
- API
Scope:
- Website
- BlueConic environment
- URL you have found the vulnerability on
- Browser you used
Evaluation
Once the report has been submitted, BlueConic will work to validate the reported vulnerability. If additional information is required in order to validate or reproduce the issue, BlueConic will work with you to obtain it. When the initial investigation is complete, results will be delivered to you along with a plan for resolution.
BlueConic is committed to being responsive and keeping you informed of our progress as we investigate and mitigate your reported security concern. You will receive a non-automated response to your initial contact within 24 hours, confirming receipt of your reported vulnerability. You will receive progress updates from us at least every five working days.