Vulnerability reporting

Evicertia is constantly adapting to the changing cybersecurity landscape, to stay ahead of new vulnerabilities and security trends that threaten our systems and applications.
However, keeping our customers and employee information safe and systems secure, is not achieved by technology alone, it involves training our employees, listening to our customers and auditing our partners.
For this reason, we allow our customers and partners to submit vulnerabilities and/or security events they may discover on any public-facing website or application owned, operated or controlled by Evicertia, in the staging domain (, that is used for testing purposes.
When performing any actions relating to your vulnerability submission, Evicertia requires you act in accordance with the following guidelines. Engaging in any activities that are inconsistent with applicable laws or this program may subject you to criminal and/or civil liabilities.
To remain in compliance with this program, you must not:

  • Run any sort of vulnerability testing outside the ‘’ domain;
  • Violate privacy;
  • Negatively impact the user experience;
  • Destroy or manipulate data;
  • Exfiltrate data under any circumstances, establish command line access and/or persistence, or “pivot” to other systems;
  • Once you’ve established a vulnerability exists or encountered personally identifiable, financial, proprietary information, or trade secrets you must stop your test and notify Evicertia immediately.

Do not perform any of the following actions:

  • Destruction, alteration, disclosure, or access denial of Evicertia or any customer data;
  • Causing or attempting to cause harm against Evicertia, Evicertia employees, affiliates, or customers;
  • Denial of service testing;
  • Social engineering (e.g. phishing) or any other non-technical vulnerability testing;
  • Intentionally accessing any data or information stored or transmitted by Evicertia other than what is absolutely necessary to validate the existence of the vulnerability;
  • Exfiltration of data; customer, financial, intellectual property, personally identifiable or otherwise;
  • Public disclosure of the vulnerability without Evicertia's written consent;
  • Intentional compromise of sensitive or confidential data, intellectual property or financial interests of Evicertia, its third parties or personnel.

To report a security vulnerability and/or any security event affecting Evicertia, please contact us at