Report a Vulnerability

PSTI REPORT A VULNERABILITY

If you have identified or suspect a security risk/vulnerability, you should report this via our Report a Vulnerability contact form below

Guidelines for Reporting

• Provide a clear and concise description of the vulnerability, including the product and version affected.
• Include steps to reproduce the vulnerability or proof-of-concept code if available.
• Do not disclose the vulnerability publicly or to third parties until we have had an opportunity to address it. 

Communication and Acknowledgement 

• Acknowledgement: We aim to acknowledge receipt of all vulnerability reports as soon as possible, but no later than 7 days from submission provided that you have provided means of contact.
• Confidentiality: We ask that all communications regarding the vulnerability be kept confidential to protect our customers and products. We are committed to maintaining the confidentiality of the reporter and any sensitive information related to the report.
• Professional Engagement: We pledge to engage professionally and positively with all vulnerability reporters. We recognise the invaluable contribution of the security community and are committed to treating all reporters with respect. 

Vulnerability Resolution 

• Understanding and Resolution: Our compliance team will work closely with the reporter to understand the nature of the reported vulnerability and develop a plan for its resolution.
• Resolution Timeline: We aim to resolve any reported vulnerabilities within 90 days from the acknowledgment of the report. This includes deploying updates to affected products and implementing measures to mitigate the risk of future vulnerabilities.

Mitigation: In cases where immediate resolution is not feasible, we will take appropriate temporary measures to mitigate the risks posed by the vulnerability to our customers and their data.