CIN7 is committed to resolving any issues that may compromise the security of our products and services as quickly as possible. We take security very seriously and protecting client data is one of our top priorities.
If you have discovered a security vulnerability, we would appreciate it if you could keep your findings strictly confidential and disclose the relevant information to us in a responsible manner, as described below.
If you think you’ve found a security vulnerability in one of the CIN7 family of products (CIN7 CORE, CIN7 OMNI, or CIN7 ORDERHIVE) or any other CIN7 product, services or online platform, please contact us immediately via email and encrypt your report with our PGP key:
Email contact: firstname.lastname@example.org
Please provide as much detail as possible. In particular, we would appreciate the following:
Please also advise if you have communicated the vulnerability to CERT or other parties and provide us with any reference numbers.
Please do not:
CIN7 does not waive any rights or claims with respect to such activities.
Please maintain confidentiality and not make your research public until we have completed our investigation and implemented patches or other mitigations. We will use the disclosure information you provide to enhance the security of our systems. We may also use the information in notifications to regulatory bodies, to comply with laws, and assist government or law enforcement agencies.
The CIN7 security team will endeavor to contact you within 72 hours of you reporting the security vulnerability and keep you informed on our progress toward resolving the vulnerability. We will notify you when the security vulnerability has been patched or mitigated, and add your name to our acknowledgments page if it is a valid high or critical vulnerability.
CIN7 thanks all security researchers and professionals who help improve the security of our products and services through our responsible disclosure program: