Security

Responsible Disclosure Policy

Last updated: May 2026

At Current Software, the security of our platform and our customers' data is a top priority. We welcome and appreciate reports from security researchers and the broader community who help us identify potential vulnerabilities.

How to Report

If you believe you've found a security vulnerability, please email us at security@currentsoftware.com. Include as much detail as possible:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Any relevant screenshots, logs, or proof-of-concept code

What to Expect

  • We will acknowledge your report within 3 business days.
  • We will keep you informed of our progress as we investigate and remediate the issue.
  • We aim to resolve confirmed vulnerabilities within 90 days, depending on complexity.

Scope

The following are in scope for responsible disclosure:

  • The Current Software web applications
  • Our public-facing APIs

The following are out of scope:

  • Third-party services we integrate with (e.g., payment processors, email providers, hosting infrastructure)
  • Social engineering or phishing attacks against our employees or customers
  • Denial-of-service (DoS/DDoS) attacks
  • Physical security issues
  • Issues in software or systems not owned by Current Software

Guidelines

We ask that you:

  • Act in good faith and avoid actions that could harm our users or disrupt our services.
  • Do not access, modify, or delete data belonging to other users.
  • Do not publicly disclose the vulnerability before we have had a reasonable opportunity to address it.
  • Comply with all applicable laws.

Safe Harbor

If you conduct security research in accordance with this policy, we consider your research to be authorized. We will not pursue legal action against you for good-faith efforts to identify and report vulnerabilities. We ask that you contact us before engaging in any activity that might be inconsistent with or unaddressed by this policy.

Rewards

We do not currently operate a formal bug bounty program. However, we may offer recognition or rewards at our discretion for particularly impactful reports.

Credit

With your permission, we are happy to publicly acknowledge your contribution. Let us know in your report how you would like to be credited.