Report a security concern responsibly

Send reports to security@credentis.com with the subject line “Security Disclosure”. Do not use the general inquiry route for active security reporting unless specifically directed to do so.

Include a clear summary of the issue, affected URL or asset, reproduction steps, observed impact, time of discovery, testing source IP if relevant, and any supporting screenshots or logs that can be safely shared.

Act in good faith, avoid privacy intrusion, minimize impact, stop testing once sufficient evidence has been gathered, and provide enough detail for Credentis to reproduce and assess the report.

Do not access data that is not your own, do not disrupt service availability, do not deploy malware, do not use social engineering, do not perform destructive testing, and do not publicly disclose unresolved issues before Credentis has had a reasonable opportunity to review them.

Credentis will aim to acknowledge good-faith reports within a reasonable time and may request clarifying information where needed. Resolution timing depends on issue severity, operational context, and verification requirements.