Responsible Disclosure Policy

At PegaSys, security is a priority. But regardless of how much effort we put into system security, there may still be vulnerabilities present. If you discover a vulnerability, we want to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please do the following:

  • E-mail your findings to security@pegasys.tech. Provide sufficient information to reproduce the problem, so we can resolve it as quickly as possible.
  • Do not take advantage of the vulnerability you have discovered.
  • Practice responsible disclosure. That is, don’t reveal the problem to others until either:
    • We have released a fix for the disclosure, or
    • 90 days have passed, or
    • We waive responsible disclosure.

We will acknowledge receipt of your vulnerability report the next business day and send you regular updates about our progress.