We take the security of our systems seriously, and we value the security community. Responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users.
A security vulnerability is a weakness in the defenses of our services that may compromise the safety of our systems. Security researchers and others who become aware of potential vulnerabilities should make a report using the submission instructions below.
We encourage anyone who believes they have discovered a potential vulnerability, or who has become aware of unauthorized access to confidential Comindware data (including customer data), to inform us immediately to help protect our customers and to improve and strengthen the confidentiality, availability and integrity of our systems.
We promise to:
Acknowledge receipt of reports in a timely manner
Provide an estimated time frame for addressing a vulnerability report
Notify you once the vulnerability has been fixed
Comindware does not offer a bug bounty program or compensation for disclosure.
Reporting Security Vulnerabilities
If you believe you’ve found a security vulnerability in our software please contact us. It will be very valuable to us, Reports should include the following information:
Your name and contact information
Your organization (if applicable)
The Comindware services that may be affected
A detailed description of the issue that you’ve discovered
Supporting technical details, including descriptions or examples of exploit/attack code, packet captures, and steps to reproduce the issue
Any known information about live exploits
We will promptly investigate all reports. If your report relates to a potential vulnerability, it should contain details sufficient for us to reproduce the vulnerability.
We require a reasonable amount of time to remediate the situation before information about the issue is made known to the public.
Do not engage in unauthorized data access, deletion, modification or corruption.
Do not cause service disruptions while testing the vulnerability that you discovered.
Prohibited research activities include denial of service, spamming, social engineering (including phishing), physical attempts against Comindware property or data centers, and other activities that may cause damage to Comindware’s services, systems or to our or our customers’ data, including activities that impact service availability, such as vulnerability scanning tools.
Taking into consideration the safety of our customers/users please do not publish any security vulnerabilities. We expect to fix all security issues within a reasonable amount of time days from the date of the reported security issue. Once an issue has been fixed we will explicitly acknowledge this and at which time you are free to publish your work.
A cookie is a small file placed onto your device that enables website features and functionality.
A cookie is a small text file that a website asks your web browser to store on your device in order to remember information about you, such as your language preference, and enables a website features and functionality.
At Comindware, we believe in being clear and open about what data related to you we collect and how we use this data. And this policy provides detailed information about what cookies we collect and how we use data related to you. This cookies policy applies to the Comindware website.
Always Active Cookies
Ensure your personalized experience and proper website work.
Always active cookies help us with giving you a personalized experience and cannot be switched off in our system. You can set your web browser to block or alert you about these cookies, but some parts of the website may not work then.
Are used for continuous website optimization and improvement.
Performance cookies help us with continuous website optimization and improvement. This cookies make it possible for us to count website visits, track traffic sources, learn which pages are the most popular and helpful and see how visitors navigate around the website. All the data these cookies collect is aggregated and therefore anonymous.