Responsible Disclosure Policy.

RESPONSIBLE DISCLOSURE POLICY

CM.com is a listed company that provides Conversational Commerce services from its privately owned cloud platform with 100% in-house developed software. We believe that mobile communication will result in mobile commerce. Therefore, we continuously develop our private cloud platform, shaping the future of Conversational Commerce.

We aim to be flexible, scalable and fast at delivering the services to our customers, while maintaining the highest standards in security and compliance. Therefore, all software on CM.com’s platform is designed and developed by our own staff. The platform runs on own and self-operated servers and software and is hosted in both our own data centers and external data center locations of top-tier certified suppliers.

Providing an online infrastructure for communication and payments comes with great responsibility. Therefore, ensuring the availability, integrity and confidentiality of our platform is CM.com’s top priority. CM.com greatly values the safety and integrity of its platform. Our IT department is active 24/7 to monitor security and meets the requirements set for appropriate technical and organizational measures.

Despite the effort we put into the security of our systems, there may still be vulnerabilities.

Reporting Suspected Vulnerabilities

Have you discovered any vulnerabilities in our systems? Please help by reporting these vulnerabilities to us, so that we can improve the safety and reliability of our systems together. If you would like to report a vulnerability or have a security concern regarding the website of CM.com or its services, please email [email protected].

A team of security experts will investigate your finding(s) (include your steps to reproduce your finding(s) or your proof of concept). You will receive an initial reply by e-mail within five working days. We will treat your report confidentially and will not share your personal data with third parties without your permission. We will keep you informed about the progress of solving the problem. As we would like to encourage you to share vulnerabilities with us, we can offer a reward to thank you for your help when it concerns a significant report of a security issue that is as yet unknown to us.

Please note: when going public with your finding(s) before we have fixed it will exclude you from a reward. 

Rules

• Don't abuse any vulnerabilities. Please make sure that you do not cause any damage with the vulnerability you have discovered. Under no circumstances may your actions lead to a deliberate interruption of the services or to disclosure of client data.

• Please refrain from using social engineering to gain access to a system and/or do not use automated scanners to detect vulnerabilities.

• Limit the use of a vulnerability to an absolute minimum. Do only what is necessary to establish the vulnerability.

• Do not make any system changes or remove/copy any data from the system.

• You shall not post or share any information about a potential vulnerability in any public setting until we have researched, responded to and addressed the reported vulnerability.

Is this region a better fit for you?

Go