CCleaner - Responsible Disclosure Policy
Please contact us if you have found a security vulnerability.
It is our mission to keep our users safe online by providing secure products to protect them and maintain their privacy. We constantly monitor and test our systems but are aware that as a global software company, we will always be a popular target for cybercriminals. We run a responsible disclosure program that offers a reward for anyone finding and reporting to us a vulnerability in our products, website, or system. We take all reports regarding a security issue seriously and will work with you to thoroughly analyze your findings.
If you find any indications of a vulnerability in any of our systems, we kindly ask you to inform us as soon as possible and not to disclose externally until you have done so. This is to ensure that we protect our users by preventing a malicious actor from taking advantage of the situation.
Please follow these steps to make a report:
- Report any indications for a potential security vulnerability to CCleaner by emailing firstname.lastname@example.org. You can submit this information anonymously.
- Provide detailed information about your findings (including available indications, for example, IP addresses, logs, screenshots).
- Do not take advantage of the vulnerability or the problem you have discovered, (for instance, attempt to capture, change or delete any more data than necessary to demonstrate the vulnerability).
- Please do not disclose information about the vulnerability publicly until we have taken action to remediate it.
Once you report a vulnerability to us, we will respond within two business days to work with you on evaluating the issue and determining next steps.
- We will handle your report with strict confidentiality, and will not pass any of your details to any third party without your explicit permission.
- We will keep you informed of progress as we resolve the issue.
- With your permission, we will credit you by giving your name as the discoverer of the problem (unless you do not want us to), and you will be a proud member of our hacker hall of fame.
In gratitude, we will happily provide Avast swag or other token of our appreciation, with the value depending on the severity of the vulnerability reported and the quality of your report.