If you believe you have found a security issue that meets COINS definition of a vulnerability, please submit a report to our security team via one of the methods below:
Please include the following information in your report:
COINS values the members of the independent security research community who find security vulnerabilities and work with COINS so that security fixes can be issued to all customers. COINS does not operate a bounty programme but it is our policy to credit all researchers when a fix for the reported security bug is issued. In order to receive credit, security researchers must follow responsible disclosure practices, including:
We are unable to respond to bulk reports generated by automated scanners.
If you identify issues using an automated scanner, it is recommended that you have a security practitioner review the issues and ensure that the findings are valid before submitting a vulnerability report to COINS.
COINS follows the MITRE.org definition of a security vulnerability which defines a security vulnerability as “a weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, OR availability.
Mitigation of the vulnerabilities in this context typically involves coding changes but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety).”
Congratulations! Your email alert has been set up. |