Security

Report a Vulnerability

If you believe you have found a security issue that meets COINS' definition of a vulnerability, please submit a report to our security team via one of the methods below:

Please include the following information in your report:

  • Type of issue (cross-site scripting, SQL injection, remote code execution, etc.)
  • Product and version with the bug or a URL if dealing with a cloud service
  • The potential impact of the vulnerability (i.e. what data can be accessed or modified)
  • Step-by-step instructions to reproduce the issue
  • Any proof-of-concept or exploit code required to reproduce

Security Researchers

COINS values the members of the independent security research community who find security vulnerabilities and work with COINS so that security fixes can be issued to all customers. COINS does not operate a bounty programme, but it is our policy to credit all researchers when a fix for the reported security bug is issued. To receive credit, security researchers must follow responsible disclosure practices, including:

  • They do not publish the vulnerability prior to COINS releasing a fix for it.
  • They do not divulge exact details of the issue, for example, through exploits or proof-of-concept code.

Automated Scanners

We are unable to respond to bulk reports generated by automated scanners.

If you identify issues using an automated scanner, it is recommended that you have a security practitioner review the issues and ensure that the findings are valid before submitting a vulnerability report to COINS.

Definition of a Vulnerability

COINS follows the MITRE.org definition, which defines a security vulnerability as “a weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, OR availability.

Mitigation of the vulnerabilities in this context typically involves coding changes but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety).”

What to expect

  • After you have submitted your report, we will respond to your report within 5 working days and aim to triage your report within 10 working days.
  • Priority for bug fixes or mitigations is assessed by looking at the impact severity and exploit complexity. Vulnerability reports might take some time to triage or address.
  • When the reported vulnerability is resolved, or remediation work is scheduled, COINS will notify you, and invite you to confirm that the solution covers the vulnerability adequately.
  • We’ll also keep you informed about our progress throughout the process.

 

 

© COINS Global 2022
