Reporting Vulnerabilities

We value the expertise and help of the cyber security community in helping us maintain our high security standards. You can use this site to report any suspected security vulnerabilities related to our services or products. If you want to report any other type of issue not related to security, please refer to the Contact us page.

Rules of Engagement

Vulnerability Disclosure Policy Guidelines

As a responsible member of the cyber security community, your expertise can help us fix potential issues faster and more effectively. If you find a suspected vulnerability relevant to Emeritus, please let us know so we can fix the problem as soon as possible.

Finder Responsibilities1

  • Do submit your reports in English
  • Do exercise caution and restraint with regard to personal data and do not intentionally engage in attacks against third parties, social engineering, denial-of-service attacks, physical attacks on any Emeritus property or spamming or otherwise causing a nuisance to other users.
  • Do provide Proof-of-Concept or sufficient information to enable reproduction of the vulnerability, so that it can be verified, reproduced, and possible remedies identified. Generally, identification of the vulnerable target, a description of the vulnerability and operations carried out to exploit the vulnerability are sufficient, but more details and information might be required in the case of complex vulnerabilities.
  • Do not abuse the vulnerability by causing disruption through your actions.
  • Do not share information about the vulnerability with others until it has been resolved in accordance with the Emeritus Responsible Disclosure policy timeframes.
  • Do submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.

Emeritus Responsibilities2

  • Treat submitted reports confidentially and will not share the finder’s personal details with third parties without their authorization unless required in order to do so to comply with legal obligations.
  • Resolve all submitted reports as quickly as possible.
  • Emeritus do not operate a bug bounty or hall of fame programme.

Reporting Other Non-Vulnerability Issues3

If you want to report any other type of issue not related to security, please refer to the support or contact pages of the relevant Emeritus Local Market, Emeritus Partner Market, or Emeritus Business website.

How to Report a Vulnerability3

Please help us by providing as much information as possible about the problem you have discovered. If you have not yet done so, please remember to review our rules and guidelines previously announced before submitting the information here.