As a security company, keeping our customers safe is Clear InfoSec’s primary concern. Clear InfoSec uses a Secure Development Lifecycle process to integrate security into its products from design, through development and release. However, sometimes vulnerabilities escape detection, or new exploits are released after the product is already on the market.
At Clear InfoSec we investigate all received vulnerability reports and implement the best course of action to protect our services and customers.
Identification and reporting a security vulnerability:
If you are a security researcher and have discovered a security vulnerability in our website or products, we appreciate your help in disclosing it to us in a responsible manner.
Privately share the details of suspected vulnerabilities with our Security Team here.
Clear InfoSec will review each submission to determine if the finding: (a) is valid and (b) has not previously been reported.
Clear InfoSec require security researchers to include detailed information with steps for Clear InfoSec’s Information Security Team to efficiently reproduce the vulnerability in order for a security researcher to be considered for monetary compensation.
In addition, to remain compliant with this Policy, security researcher(s) are prohibited from: