Reporting a vulnerability

At Numerico Technologies, we take the security of our website and software products very seriously. We recognize that no system can be 100% secure, and we are committed to promptly addressing any security issues that are reported to us by security researchers or other third parties.

To that end, we have established a coordinated vulnerability disclosure process, which outlines how we will receive, triage, and respond to reports of potential security vulnerabilities.

If you believe you have discovered a security vulnerability in our website or software products, we encourage you to report it to us in accordance with our disclosure process. This allows us to work with you to investigate and remediate the issue, while minimizing the risk of exploitation by malicious actors.

To report a vulnerability, please send an email to Numerico’s security team at security@numerico.tech, or create a ticket in our customer portal: https://numerico.atlassian.net/servicedesk/customer/portal/1. Please include a detailed description of the vulnerability, along with any steps necessary to reproduce it. We also encourage you to provide any supporting materials, such as proof-of-concept code or screenshots, to help us better understand the issue.

Upon receipt of your report, we will promptly acknowledge it and begin our triage process. This may involve reaching out to you for additional information or clarification. Once we have verified the vulnerability, we will work with you to develop a timeline for remediation and keep you updated on our progress.

As a token of our appreciation for responsible reporting, we may offer a monetary or non-monetary reward to those who submit valid and useful reports to us.

We are committed to working with the security community to ensure the safety and security of our customers and users. Thank you for your help in keeping our website and software products secure.

Out of scope are the following issues/vulnerabilities:

  • An anomaly that has no impact on availability, integrity or confidentiality of information.
  • The availability of version information on a static website.
  • The absence of HTTP security headers as used by Cross-Origin Resource Sharing, unless it is evident that this leads to a security issue.