Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.
Watch a Demo
The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you. More...
The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.
Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. More...
External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.
Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. More...
We believe all organizations should be able to protect themselves from even the most sophisticated attackers.
Contact usIf you believe you have discovered a vulnerability in the CyCognito platform or have a security incident to report, send us an email to report it. Upon receipt of your message we will send an automated reply that includes a tracking identifier.
We believe that vulnerability disclosure is a two-way street. Vendors, as well as researchers, must act responsibly. This is why CyCognito uses a 90-day disclosure timeline. We promptly notify vendors of vulnerabilities upon our discovery and validation with details normally shared in public with the defensive community after 90 days from our notification to the vendor, or sooner if the vendor releases a fix before that time.
If the 90-day timeline is due to expire on a weekend or US public holiday, the period will be extended to the next normal work day.
Before the 90-day deadline has expired, if a vendor lets us know that a patch is scheduled for release on a specific day that will fall within 30 days following the end of the 90-day period, we will delay the public disclosure until the availability of the patch.
When we observe a previously unknown and unpatched vulnerability in software under active exploitation (a “0day”), we believe that more urgent action—within 30 days—is appropriate. The reason for this special designation is that each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more devices or accounts may be compromised. As a result, after 30 days have elapsed without a patch or advisory, we will support researchers making details available so that users can take steps to protect themselves.
As always, we reserve the right to bring deadlines forwards or backwards based on extreme circumstances. We remain committed to treating all vendors strictly equally. CyCognito expects to be held to the same standard.
This policy is strongly in line with our desire to improve industry response times to vulnerabilities, but also results in softer landings for vulnerabilities marginally over the 90-day timeline. We call on all researchers to adopt vulnerability disclosure policies as well. Reducing timelines for fixes will result in smaller windows of opportunity for vulnerabilities to be exploited.
CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk and how you can eliminate the exposure.
Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. Based in Palo Alto, CyCognito serves a number of large enterprises and Fortune 500 organizations, including Colgate-Palmolive, Tesco and many others.
For more information, follow us on Twitter @cycognito.
Privacy Policy Terms of Service Sitemap