Vulnerability Disclosure Policy

This policy gives security researchers a point of contact to directly submit their research findings if they believe they have found a potential security vulnerability within PI Data Analytics.

About this policy

The security of PI Data Analytics’s systems is a top priority and we take every care to keep them secure. Despite our efforts, there may still be vulnerabilities.

PI Data Analytics is keen to engage with the security community. This policy allows security researchers to share their findings with PI Data Analytics. If you think you have found a potential vulnerability in a PI Data Analytics system, service or product, please tell us as quickly as possible.

We do not provide compensation for finding potential or confirmed vulnerabilities, nor do we publish the names or details of researchers that have provided vulnerabilities.

What this policy covers

This policy covers:

any product or service wholly owned by PI Data Analytics to which you have lawful access

any product or service wholly owned by one of PI Data Analytics’s portfolio agencies to which you have lawful access.

This policy does not cover:

clickjacking

social engineering or phishing

weak or insecure SSL ciphers and certificates

denial of Service (DoS)

physical attacks

attempts to modify or destroy data.

How to report a vulnerability

To report a vulnerability, please use PI Data Analytics’s contact form. Provide enough detail that we can reproduce your steps.

If you report a vulnerability under this policy, please keep it confidential. Do not make your research public until PI Data Analytics has finished investigating and fixed or mitigated the vulnerability.