SecurEnvoy is a trusted provider of Identity Management. Across five continents, their customers benefit from rapid deployments that scale through instant provisioning, simplicity of use and ease of management.
SecurEnvoy’s mission is to provide the best identity protection and intelligence solution in the security industry and we encourage and appreciate positive interactions with security researchers to ensure that our solutions maintain security standards.
Please contact firstname.lastname@example.org and we will treat all reports with utmost importance while we evaluate the impact it could have for our customers.
During this process, SecurEnvoy will communicate as promptly as we’re able, until completion of our investigation and any necessary remediation. We thank you for your time & expertise to improve the security of our company and customers.
SecurEnvoy does not operate a bug bounty program at this time, but may choose to reward reporters of issues in some cases, at our discretion.
Each of our releases undergoes a rigorous testing environment to ensure we exceed the security expectations of our clients and customers. This testing includes a Penetration Test to provide our clients assurance over risks in this latest release. Our test consultants hold numerous CREST certifications, including CREST Certified Tester, CREST Registered Tester and CREST Certified Simulated Attack Manager, amongst other industry recognised certifications.
Notifying SecurEnvoy prior to releasing information publicly about a vulnerability is standard practice in the security industry and is known as “responsible disclosure.” This advance notice allows SecurEnvoy to research, fix and disclose known vulnerabilities to its customers in a manner that protects SecurEnvoy end-users before computer criminals are notified of their existence – keeping the Internet safer for business.
We appreciate your assistance in ensuring that SecurEnvoy products and services are secure.
To ensure a great experience with SecurEnvoy, we ask that researchers follow these simple rules of engagement to limit the potential that company and/or customer data may be at risk:
For an Online Service Security Issue…
For a Packaged Software Security Issue…
For ALL Security Issues, Please Also Include…
SecurEnvoy will acknowledge receipt of a report within 48 hours and ask that you give us reasonable time to investigate and mitigate an issue before making public any information about the report or sharing such information with others.
It is possible that SecurEnvoy will need to follow-up with additional questions to ensure we understand the report and impact clearly.
Once a reported issue has been validated and remediated, SecurEnvoy will provide a public announcement to its customers and publish through the website/blogs and update relevant release notes.
Get in touch with our sales team to book a demo, request a 30-day trial, or just to chat about how we can help you.