Skip to content
Use Cases
Sales
Marketing
RevOps
GTM Leaders
Products
Prospector
Enhance
Chrome Extension
Intent Data
Integrations
Why Cognism
Why Sales Intelligence
ROI
Data
About our data
Contact
Context
Compliance
Success Stories
Case Studies
Customer Reviews
Cognism Champions
Links
All Resources
Blog Books & Reports Checklist & Templates The Demand Gen Playbook Course
SDR Zone Podcasts Newsletters Webinars
Interactive Resources
Free Product Tours ROI Calculator
TAM Calculator Cognism Signatures
CTA
Links
About Us
Careers
Partnerships
CTA

Bug Bounty Program

About

Security is a top priority for Cognism because it’s fundamental to everything we do, our customers and our product. For this reason, we have implemented a number of security measures and we’re committed to securing application data, eliminating vulnerabilities and finally ensuring business continuity

For questions regarding security please email security@cognism.com.

Vulnerability Disclosure

If you would like to report a vulnerability or have any security concerns with any of Cognism products, please contact security@cognism.com

Include a proof of concept, a list of tools used (including versions), and the output of the tools. We take all disclosures very seriously. Vulnerability bounties (aka bug bounties) are determined on a case-by-case basis.

Rules for you

  • Don’t attempt to gain access to another user’s account or data.
  • Don’t perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed.
  • Don’t publicly disclose a bug before it has been fixed.
  • Only test for vulnerabilities on sites you know to be operated by Cognism.
  • Do not impact other users with your testing.
  • Don’t use scanners, scrapers or any other automated tools in your testing.
  • Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
  • When in doubt, contact us at security@cognism.com.

Rules for us

  • We will respond as quickly as possible to your submission.
  • We will keep you updated as we work to fix the bug you submitted.
  • We will not take legal action against you if you play by the rules.

What does not qualify?

  • Bugs that don’t affect the latest version of modern browsers (Chrome, Firefox, Edge, Safari). Bugs related to browser extensions are also out of scope.
  • Bugs requiring exceedingly unlikely user interaction.
  • Submissions which don’t include steps to reproduce the bug, or only include those steps in video form.
  • Insecure cookie settings for non-sensitive cookies.
  • Disclosure of public information and information that does not present significant risk.
  • Bugs in content/services that are not owned/operated by Cognism.
  • Scripting or other automation and brute forcing of intended functionality.
  • When in doubt, contact us at security@cognism.com.

Out of Scope

  • https://wealth*.cognism.com
  • https://content.cognism.com
  • https://documentation.cognism.com
  • https://www.cognism.com/cognism-signatures
  • Clickjacking & Tabnabbing
  • https://cognism.com/*
  • Rate limit
  • Cipher Suite (TLS protocol)

Bug Bounty Awards:

  • Critical Severity Vulnerability: $1200
  • High Severity Vulnerability: $600
  • Medium Severity Vulnerability: $300
  • Low Severity Vulnerability: $150