At Prima, we take the security of our systems and data very seriously. We recognize the valuable role that security researchers and members of the public play in helping us identify and address potential security vulnerabilities. We encourage responsible disclosure of any vulnerabilities found in our systems, applications, or services to help us maintain the highest level of security for our customers.
This policy applies to all Prima systems, applications, and services, including third-party systems that we use. We reserve the right to update or modify this policy at any time without prior notice.
If you have identified a potential vulnerability, we encourage you to report it to us as soon as possible, following these guidelines:
To report a potential vulnerability, you can send us an email to firstname.lastname@example.org, following the guidelines from the previous section.
If you don’t feel comfortable sharing this information via plain text email, you can contact us at the same email address, and we will coordinate the establishment of an alternative secure channel.
If you have followed the instructions above, we will not take any legal action against you concerning the report.
We will not pass on your personal details to third parties without your permission, unless it is necessary to comply with a legal obligation. Remember that we also accept reports under a pseudonym or anonymous.
Please note that Prima does not currently offer bounties or have a Hall of Fame for security researchers who report vulnerabilities. We appreciate and encourage responsible disclosure of vulnerabilities, but we cannot offer monetary or other rewards for such disclosures.