Security of our systems is extremely important. Do you believe to have found a security issue?
At CMNTY, we consider the security of our systems, our network and our products, of utmost importance. Despite the great care we take regarding security, weak points can still remain. If you have found such a weakness, we would like to hear about it as soon as possible so that we can take appropriate measures as quickly as possible.
Weak points can be discovered in two ways: you can accidentally come upon something during the normal use of a digital environment, or you can explicitly do your best to find them. Our responsible disclosure policy is not an invitation to actively scan our business network to discover weak points. We monitor our business network ourselves. This means that there is a high chance that a scan will be detected, and that an investigation will be performed by our team, which could result in unnecessary costs. You are, however, invited to actively search for vulnerabilities in our products in a non-production environment and to report your findings to us.
Our responsibility to our customers means that our intention is not to encourage hacking attempts on their infrastructure; however, we would like to hear from you as quickly as possible if vulnerabilities are found, so that we can resolve them adequately. We would like to work with you to better be able to protect our customers and our systems.
Although CMNTY does not have an active bug bounty scheme, we will make an appropriate monetary reward available for reports that actually lead to remedying a vulnerability or a change in our services. We decide whether the report is eligible, and the nature and amount of the remuneration.We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.