Simons places great importance on information security and the privacy of its customers and
partners. We are grateful for the efforts of security researchers, who report any potential
vulnerabilities to us.
We encourage security researchers to confidentially disclose potential vulnerabilities that could
affect our digital products. However, testing must be performed on the latest version of the
application or website so that it may be eligible for our vulnerability disclosure program. We cannot
accept vulnerability reports on obsolete versions of our digital products. Simons asks those who
report vulnerabilities to keep them confidential for at least 90 days after the issue report has been
acknowledged as received.
We do not offer financial compensation or reward of any kind to researchers who find proven
vulnerabilities.
We ask that you not:
Our security.txt. file details all vulnerability reporting methods.
Please send a detailed report to the following email address: [email address].
Please provide as much information as possible, including:
After submitting your report, a member of our team will respond within 15 business days. We will
also try to keep you informed of our progress.
We will notify you when the reported vulnerability is corrected and may ask you to provide more
information about it. In addition, we may contact you to confirm that the chosen solution
adequately resolves the vulnerability.
We commit to protecting the privacy of individuals who report vulnerabilities. We will not disclose
your name or email address unless you expressly authorize us to do so. If you prefer to remain
anonymous, we will respect your wishes and not disclose your identity.
We will not take legal action against security researchers who report vulnerabilities in good faith and
keep them confidential for at least 90 days. We commit to working with researchers to understand
and resolve safety issues.
This policy is intended to be consistent with current best practices for vulnerability disclosure. It
does not give you permission to act in an illegal manner or in a way that could cause our
organization or our partners to violate any legal obligation.