Report Security Issue

We Value Your Concerns

We value your privacy and aim to keep your information private and secure. We appreciate all security concerns brought forth and are striving to keep on top of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at Cision. Every day new security issues and attack vectors are created. We strive to keep abreast of the latest state-of-the-art security developments. If you have discovered a potential security issue with our product, we kindly ask you to let us know as soon as possible.

How To Report Security Issues

When reporting potential issues, please try to be as thorough as possible, providing us enough information so that we can recreate your findings. Make sure you include a code sample and screencast that clearly demonstrates the exploit you have found. If you are using automated tools to find vulnerabilities, please be aware that these tools often report false positives. Most times, it is insufficient to find the vulnerability and provide basic information on the vulnerability. You should explain how the vulnerability can be used to impact user data or our systems. As an example, if you find a clickjacking vulnerability, please clearly show us what end-user sensitive action the end-user can be tricked into performing.

Where to report Security Issues

Please summarize your findings in an email to InfoSec@cision.com. If possible, please encrypt the email by using our PGP Public Key mentioned below.

What Happens Afterwards?

Once you have submitted a security concern, we commit to the following:

• We will immediately take steps to identify if the concern is a legitimate issue and determine its severity.
• We will contact you about our investigation and progress.

Cision Bug Bounty Program

We encourage responsible disclosure of security bugs.  While we do not offer monetary compensation, eligible reports will be publicly acknowledged on our Security Researchers Thank You page.