News
cybersecurity Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2 - The Hacker News ai Anthropic Adds Brand Controls, Code Sync to Claude Design - TechRepublic - Anthropic - Claude AI cybersecurity Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks - BleepingComputer cybersecurity INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023 - The Hacker News ai Anthropic Lays Out Vision for How to Bolster AI Models’ Safety - Bloomberg.com - Anthropic - Claude AI ai Fable 5 ban: 4 open models responded before Anthropic could restore access - The New Stack - Anthropic - Claude AI cybersecurity DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic - The Hacker News cybersecurity Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp - BleepingComputer cybersecurity Get Out of Security Debt by Tackling the Exposure Problem - Dark Reading cybersecurity ShapedPlugin update flow hacked to infect WordPress sites - BleepingComputer cybersecurity Critical Cisco ISE Vulnerability Enables Remote Code Execution Attacks - CyberPress threat-intel F5 Patches NGINX Vulnerability Enabling Code Execution and DoS Attacks - GBHackers cybersecurity No Exploits Required - SecurityWeek cybersecurity Critical NGINX Flaw Fixed by F5 Allows Code Execution and Service Disruption - CyberPress cybersecurity Apple fixes Beats Studio Buds flaw that let hackers spy on conversations - BleepingComputer
1 / 15
All news ›

Responsible Disclosure Policy

Pro CISO® B.V. — Security Vulnerability Reporting

Report a vulnerability: security@prociso.com
We will acknowledge your report within 2 business days and keep you informed throughout.

Our Commitment

Pro CISO® B.V. takes the security of our systems and customer data seriously. We are ISO/IEC 27001:2022 certified and operate a formal Information Security Management System. Despite our best efforts, vulnerabilities may exist. We welcome responsible disclosure from the security community and commit to working with you transparently and in good faith.

Scope

This policy applies to vulnerabilities discovered in:

  • Our website: prociso.com and subdomains
  • The CA/CR® platform: cacr.prociso.com
  • Any other internet-facing systems operated by Pro CISO® B.V.

This policy does not cover vulnerabilities in third-party services or products we use but do not operate (e.g. Microsoft 365, cloud infrastructure providers).

What We Ask of You

  • Report the vulnerability to us promptly and in good faith at security@prociso.com
  • Give us reasonable time to investigate and remediate before public disclosure (we ask for a minimum of 90 days)
  • Do not access, modify, or delete data belonging to others
  • Do not perform denial-of-service attacks, social engineering, or physical security testing
  • Do not disclose the vulnerability to third parties before we have resolved it

What to Include in Your Report

  • A clear description of the vulnerability and the potential impact
  • The URL, system, or component affected
  • Step-by-step reproduction instructions
  • Any proof-of-concept code or screenshots (where relevant)
  • Your contact details so we can follow up

What We Commit to You

  • Acknowledge receipt of your report within 2 business days
  • Provide a preliminary assessment within 5 business days
  • Keep you informed of progress throughout remediation
  • Not pursue legal action against researchers who act in good faith and within this policy
  • Credit you publicly for the discovery (if you wish)

Out of Scope

The following are explicitly out of scope and should not be tested:

  • Denial-of-service or volumetric attacks of any kind
  • Automated scanning without prior permission
  • Physical security testing
  • Social engineering of Pro CISO® staff or customers
  • Vulnerabilities requiring physical access to a user's device
  • Self-XSS or issues only exploitable by an authenticated admin

Contact

Send all vulnerability reports to:

Pro CISO® B.V. - Security Team
security@prociso.com

For encrypted communication, please request our PGP key in your initial email and we will provide it promptly.