Kigen takes security issues extremely seriously and welcomes feedback from security researchers to improve the security of its services. We operate a policy of coordinated disclosure to address reports of security vulnerabilities and issues.
To report a suspected security issue privately to us, please send an email to security-research-alert@kigen.com, giving as much detail as you can.
We will respond to you as soon as possible. If the suspected security issue is confirmed, we will then come back to you with an estimate of how long the issue will take to fix. Once the fix is available, we will notify you and recognize your efforts on this page.
We encourage the responsible disclosure of security vulnerabilities through our defined process, but we do not operate a bug bounty program.
Whilst we encourage the investigation of potential security vulnerabilities, we cannot condone any activities that might interfere with legitimate users, which might contravene applicable computer/device misuse and data protection legislation, or violate any local legislation or regulations and third-party rights, including confidentiality and data privacy.
For that reason, the following activities are prohibited:
Kigen recommends that all vulnerability disclosure submissions be encrypted, but the use of encryption is at the discretion of the finder. To submit documents or other attachments and obtain PGP details, please contact security-research-alert@kigen.com
Our team at Kigen strives to provide the most actionable information to help you make appropriate risk-based decisions. Below you will find Kigen’s response with contextual information and available fixes to any vulnerabilities affecting Kigen’s products or those that may be of interest to wider Kigen ecosystem.
Wherever possible, we aim to work with reporters to coordinate the public disclosure of an issue and, upon request, will acknowledge the reporter of a vulnerability in our public security bulletins.
Credit to the people who have helped make our services more secure by making a coordinated disclosure with us will appear below.
All information provided is subject to Kigen Security Legal Notices and Disclaimers.