Contact
Search
Created with Snap

Popular searches

Responsible disclosure

Image of a zebra
Image of a zebra

Overview

 

At Investec we take security very seriously and value contributions from the security community. The responsible disclosure of security vulnerabilities by the security community helps make the online world a safer place. So in order to facilitate us working together on responsibly disclosing any discovered vulnerabilities, we have provided the following guidelines: 

Guidelines

 

We require that security researchers:

  • Make every effort to avoid impacting the confidentiality, integrity or availability of Investec systems and data. 
  • Keep the details of any vulnerabilities confidential between Investec and yourself, until we have had 90 days to resolve the reported vulnerability.
  • Only exploit a vulnerability to the extent necessary to confirm that the vulnerability exists. e.g. do not attempt to pivot to other systems or extract more data than is required to establish that the vulnerability exists.
  • Only utilise the specified contact email address for communication regarding the reported vulnerability.

Reporting

If you believe you’ve found a security vulnerability, please let us know by sending a report to responsibledisclosure@investec.com.

In your report, please include a detailed description of the steps required to reproduce the vulnerability. 

Email us