Up
Previous Next

Sheriff CSM™

How to Submit a Security Issue to Sheriff

We are always working to improve the security of our products. You, the Sheriff Cyber Security, LLC, community, aid our ability to deliver secure software for our customers — so thanks in advance!

Discovered a security vulnerability? Disclose it to us through our HackerOne program at https://hackerone.com/sheriff_security. You can find further information of what domains we currently undertake on this page.

What Vulnerability Information Are We Looking For?

When submitting an issue, please provide a technical description that allows us to assess exploitability and impact of the issue, and include the following where appropriate:

• Provide steps and any additional information we may need to reproduce the issue.

• If you are reporting cross-site scripting (XSS), your exploit should at least pop up an alert in the browser. It is much better if the XSS exploit shows the user's authentication cookie.

• For a cross-site request forgery (CSRF), use a proper CSRF case when a third party causes the logged-in victim to perform an action.

• For a SQL injection, we want to see the exploit extracting database data, not just producing an error message.

• HTTP request / response captures or simply packet captures are also very useful to us.

Please refrain from sending us links to non-Sheriff Cyber Security, LLC websites, or issues in PDF / DOC / EXE files. Image files are OK. Make sure the bug is exploitable by someone other than the user ("self-XSS").

Note: We are unable to respond to generic scanner reports. If you have had a security practitioner examine a generic scan report and they have isolated specific vulnerabilities that need to be addressed, we request that you report them individually.