Report a security flaw

Report a security flaw

Should you have discovered a security issue we kindly ask you to please report the issue to us such that we can adress the flaw. By reporting you help not only us but, more importantly, the individuals whose data is processed by our services and IT-systems.

This is a common function for several companies and websites in the Pulsen Group. This instruction refers to Pulsen AB, Pulsen Integration, Pulsen Omsorg, Pulsen Fastigheter, Pulsen Konferens and Shibuya.

 

This is how to report

Send an email to security@pulsen.se, please describe the vulnerability considering the following sections:

  • Detailed description of the identified issue
    • Place where in the environment the flaw can be found
    • Type of vulnerability, CSS, injection, etc.
  • Affected version and/or date
  • Step by step how to reproduce the error
    • Screenshots, screencasts, code snippets, parameters, etc.
  • Contact details including, name, email, phone, public PGP-key (if you like you can report anonymously)


What vulnerabilities can be reported

We thank you for reporting any security issue you find, those related to the services we provide and related the IT-environment as such. Examples of issues we would like to learn about include logical errors, erroneous configuration, bad use of crypto, cross site scripting, injection, etc.


What you can expect from us, once you reported the issue

We will confirm receiving the report and keep you informed about the handling all the way to the closure of the vulnerability.


Should the vulnerability jeopardize security/privacy for data subjects or our customers we will convey to them the issue. Correspondingly, we will report to concerned authorities as applicable.


Don't misuse your knowledge

Should there be a vulnerability in services or systems it is important that you do not misuse your knowledge or the vulnerabilities, this is particularly important for those whose data are processed in our services and systemets.


  • Don't access information you are not authorized to.
  • Don't delete or alter information you are not authorized to.
  • Don't affect the availability of services or systems.
  • Provide us reasonable time for fixing the issue before telling anyone else.


PGP key

https://pulsen.se/security_a_pulsen.se Text file, 2.4 kB.