Cylance® encourages researchers to follow responsible disclosure procedures when reporting security issues in our products, services, websites, or infrastructure. Cylance is committed to engaging with the research community in a positive, professional, mutually beneficial manner that protects our customers.
The Cylance® Security Response Team strives to:
As a standard practice for protecting our customers, Cylance® will not confirm, discuss, or disclose any security issue or vulnerability until a fix has been released on all affected products, or implemented in the service(s), website(s), or infrastructure except with the reporting researchers and our vulnerability reporting service, HackerOne.
Cylance®, in partnership with BugCrowd and HackerOne, is committed to working with researchers who adhere to responsible disclosure in a respectful engaged manner to quickly address security vulnerabilities.
If you have information about a vulnerability with a Cylance® product, service, website or infrastructure, please contact us through either of our bug bounty programs hosted on:
Cylance is committed to awarding researcher equally regardless of the platform they chose to use.
We will, however, only pay for first discovery once between platforms.
Security issues (active compromise or attacks) should be reported to Cylance® directly at: email@example.com. Please refrain from sending sensitive details in the initial email; we will send you a PGP key to use in follow-up communications.
The Cylance® security team is dedicated and focused on improving the security of Cylance products and services. We appreciate any submissions but ask that you use firstname.lastname@example.org address only for direct security issues in Cylance® products or services. Some examples of things we do not directly handle include:
If you are looking for general support, please engage with our support team: www.cylance.com/support