


Security is a top priority for Cognism because it’s fundamental to everything we do, to our customers and to our product. For this reason, we have implemented a number of security measures, and we’re committed to securing application data, eliminating vulnerabilities and ensuring business continuity.

For questions regarding security please email security@cognism.com.

Vulnerability Disclosure

If you would like to report a vulnerability or have any security concerns with any of Cognism’s products, please contact security@cognism.com.

Include a proof of concept, a list of tools used (including versions), and the output of the tools. We take all disclosures very seriously. Vulnerability bounties (aka bug bounties) are determined on a case-by-case basis.

Rules for you
  • Don’t attempt to gain access to another user’s account or data.
  • Don’t perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed.
  • Don’t publicly disclose a bug before it has been fixed.
  • Only test for vulnerabilities on sites you know to be operated by Cognism.
  • Do not impact other users with your testing.
  • Don’t use scanners, scrapers or any other automated tools in your testing.
  • Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
  • When in doubt, contact us at security@cognism.com.
Rules for us
  • We will respond as quickly as possible to your submission.
  • We will keep you updated as we work to fix the bug you submitted.
  • We will not take legal action against you if you play by the rules.

What does not qualify?
  • Bugs that don’t affect the latest version of modern browsers (Chrome, Firefox, Edge, Safari). Bugs related to browser extensions are also out of scope.
  • Bugs requiring exceedingly unlikely user interaction.
  • Submissions which don’t include steps to reproduce the bug, or only include those steps in video form.
  • Insecure cookie settings for non-sensitive cookies.
  • Disclosure of public information and information that does not present significant risk.
  • Bugs in content/services that are not owned/operated by Cognism.
  • Scripting or other automation and brute forcing of intended functionality.
  • When in doubt, contact us at security@cognism.com.
Out of Scope
  • https://wealth*.cognism.com
  • https://content.cognism.com
  • https://documentation.cognism.com
  • Clickjacking & Tabnabbing
  • https://cognism.com/*
  • Rate limit
  • Cipher Suite (TLS protocol)
Bug Bounty Awards:
  • Critical Severity Vulnerability: $1200
  • High Severity Vulnerability: $600
  • Medium Severity Vulnerability: $300
  • Low Severity Vulnerability: $150