Reporting security issues

Keeping customer data safe is our highest priority. We're constantly working to defend against new and evolving threats, so we genuinely value your input and feedback on our security.

Security researchers

We're always happy to collaborate with security researchers. You play a vital role in helping keep the internet safe. If you come across a security weakness that could affect Sensor Monitoring UK or our customers, please contact our support team.

Please note that the following types of issues are out of scope (so there's no need to report them):

• High-volume vulnerabilities (e.g. overwhelming our service with excessive traffic)
• TLS configuration vulnerabilties (e.g. TLS1.0/1.1 support, RC4/3DES support, weak Diffie–Hellman parameters etc.)
• Reports of divergence from "best practices" e.g. missing security headers (CSP, x-frame-options etc.) or email configuration (DMARC, SPF etc.)
• Reports of non-exploitable vulnerabilities

Reviewing security reports

We investigate every report and aim to respond as quickly as possible, usually within 24 hours.

Once we receive your report, we'll assess the impact on Sensor Monitoring UK. Then we'll work with you to make sure we fully understand the problem and fix it as soon as possible.