Vulnerability Disclosure
Insurity is committed to high security standards to assure our customer data is protected. This policy allows Insurity to partner with our clients to secure our corporate systems and applications while providing clear guidelines on how to submit discovered vulnerabilities to us.
Please note that all Insurity systems are deemed private and confidential. You must obtain written consent prior to scanning or conducting vulnerability research on any Insurity networks or applications. Provided however, if in the course of your interactions with our systems as an Insurity customer you notice security vulnerabilities, we encourage you to report the vulnerability using this page as well. Your report will be forwarded to the appropriate parties for timely acknowledgement and verification. Verified issues will then be passed to our development teams for remediation on a timeline commensurate with the severity of the issue. Please note that you are expected to engage in security research responsibly and without any disruption to Insurity’s systems or customers' experience.
Insurity does not operate a bug bounty program and does not authorize vulnerability research without prior consent under any circumstances. By submitting a vulnerability, you acknowledge that you have no expectation of payment and waive any future pay claims against Insurity related to your submission.
If you are a client of Insurity and wish to inquire about guidelines, scope and test methods authorized or have any other questions regarding vulnerability disclosure, please contact us.