Vulnerability Disclosure

Introduction

At Pismo, cybersecurity is core to our values. We want to hear from you if you have information about potential security vulnerabilities in Pismo’s products, services, websites, or applications. We have established this Vulnerability Disclosure Program to facilitate our exchange of information about potential vulnerabilities, establish rules for vulnerability testing, and provide a Safe Harbour for individuals who follow these rules.

Expectations

When you report vulnerabilities to us, you can expect us to:
  • Extend a safe harbour to you for vulnerability reports submitted in accordance with our program rules.
  • Work with you to understand and validate your report, including a timely initial response to the submission.
  • Work to remediate discovered vulnerabilities in a reasonable manner.

Program rules

Please note that this Program should not be construed as encouragement or permission to hack, penetrate, or otherwise attempt to gain unauthorised access to Pismo applications, systems, or data. To avoid any confusion between good-faith reporting and a malicious attack, we ask that you:
  • Report any suspected or confirmed vulnerability you’ve discovered promptly.
  • Do not violate the privacy of others, disrupt our systems, destroy data, and/or harm the user experience.
  • Do not conduct social engineering (e.g. phishing, vishing, smishing).
  • If a vulnerability provides unintended access to data: cease testing and submit a report immediately (e.g., if you encounter any user data during testing, such as Personal Information, credit card data, or proprietary information) – you are not authorised to access any Pismo data.
  • Provide us with a reasonable amount of time to remediate vulnerabilities.
  • Keep the details of any discovered vulnerabilities confidential.
  • Do not initiate any unauthorised financial transaction.
  • Only interact with accounts you own or with explicit permission from the account holder.
  • Do not violate any national, state, or local laws or regulations.

Safe harbour

Testing activities conducted in accordance with this Program are protected by a safe harbour, meaning that we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted in accordance with our Rules, we will take steps to make it known that your actions were conducted in compliance with Pismo’s Vulnerability Disclosure Program. In operating this Program, Pismo does not waive any rights it may have by not exercising (or delaying the exercise of) such rights. Additionally, should you violate the rules, Pismo retains all rights and other remedies available at law or in equity, including the rights to seek injunctive, specific performance or other equitable relief. Thank you for helping us keep Pismo customers and data safe. Please submit a report to us before engaging in conduct that may be inconsistent with our rules.

Report a vulnerability

Please send an email to [email protected] to submit a vulnerability report.