Documentation Index

Fetch the complete documentation index at: https://help.cirrusassessment.com/llms.txt

Use this file to discover all available pages before exploring further.

Report Vulnerability

  • Updated on May 28, 2026
  • Published on Nov 7, 2022
  • 1 minute(s) read
  • Jeroen Habets
  • Aiden Molavi
 Prev

Responsible disclosure

At Cirrus, we consider the security of our systems a top priority. No matter how much effort we put into system security, vulnerabilities may still be present.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We ask you to help us better protect our clients and our systems through Coordinated Vulnerability Disclosure (CVD).

Please do the following:

  • Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability, or deleting or modifying other people's data.
  • Do not reveal the problem to others until it has been resolved.
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications.
  • Provide sufficient information to reproduce the problem so we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.

What we promise:

  • We will respond to your report within 3 business days with our evaluation and an expected resolution date.
  • If you have followed the instructions above, we will not take any legal action against you in regard to the report.
  • We will handle your report with strict confidentiality and will not pass on your personal details to third parties without your permission.
  • We will keep you informed of progress towards resolving the problem.
  • In public communications about the problem reported, we will credit you as the discoverer (unless you prefer otherwise).

We strive to resolve all problems as quickly as possible and aim to play an active role in the ultimate publication on the problem after it is resolved.

Attribution: Based on the example responsible disclosure policy at https://responsibledisclosure.nl/en/ as a complement to the responsible disclosure guideline published by the Dutch National Cyber Security Centre (NCSC).