As a security company, keeping our customers safe is Clear InfoSec’s primary concern. Clear InfoSec uses a Secure Development Lifecycle process to integrate security into its products from design, through development and release. However, sometimes vulnerabilities escape detection, or new exploits are released after the product is already on the market.
At Clear InfoSec we investigate all received vulnerability reports and implement the best course of action to protect our services and customers.
If you are a security researcher and have discovered a security vulnerability in our website or products, we appreciate your help in disclosing it to us in a responsible manner.
Privately share the details of suspected vulnerabilities with our Security Team here.
Clear InfoSec will review each submission to determine if the finding: (a) is valid and (b) has not previously been reported.
Clear InfoSec require security researchers to include detailed information with steps for Clear InfoSec’s Information Security Team to efficiently reproduce the vulnerability in order for a security researcher to be considered for monetary compensation.
In addition, to remain compliant with this Policy, security researcher(s) are prohibited from:
• Accessing, downloading, or modifying data, that does not belong to security researcher(s)
• Executing or attempting to execute any “Denial of Service” (DoS) or related attack against any Clear InfoSec website, product or service.
• Posting, transmitting, uploading, linking to, sending, or storing any malicious software on or to any Clear InfoSec website or service.
• Testing any suspected vulnerability in a manner that would result in the sending of unsolicited or unauthorized junk mail, spam, or any other form of unsolicited message to our employees and customers.
• Testing any suspected vulnerability in a manner that would degrade or negatively impact the operation of any Clear InfoSec service or system; and/or
• Testing third-party applications, websites, or services that integrate with or link to any Clear InfoSec website or services.
• Provide prompt acknowledgement of receipt of your vulnerability report (within 48 business hours of submission)
• Work closely with you to understand the nature of the issue and work on timelines for fix/disclosure together.
• Allow Clear InfoSec an opportunity to correct a vulnerability within a reasonable time frame before publicly disclosing the identified issue, to ensure that Clear InfoSec has developed and thoroughly tested a patch and made it available to our customers at the time of disclosure.
• Notify you when the vulnerability is resolved, so that it can be re-tested and confirmed as remediated.
• Publicly acknowledge your responsible disclosure (if you wish credit for such disclosure)
Out of Scope: