News
cybersecurity Shifting Budget Dynamics for Identity Security and AI Agents - Dark Reading ai Anthropic rolls out Claude integrations for Microsoft Office apps - Crypto Briefing - Anthropic - Claude AI ai Musk v. Altman week 2: OpenAI fires back, and Shivon Zilis reveals that Musk tried to poach Sam Altman - MIT Technology Review ai Anthropic Targets $1T Valuation as Investors Chase Claude’s Enterprise Growth - Bitcoin News - Anthropic - Claude AI ai Anthropic’s Natural Language Autoencoders Decode Claude’s Internal Thoughts As Text - Quantum Zeitgeist - Anthropic - Claude AI ai Code For America partners with Anthropic on AI tools for SNAP caseworkers - StateScoop - Anthropic - Claude AI ai Akamai stock jumps on $1.8 billion AI deal with Anthropic - The Boston Globe - Anthropic - Claude AI ai Anthropic Finds AI Enables Previously Impractical Work - Let's Data Science - Anthropic - Claude AI cybersecurity ShinyHunters Claims Second Attack Against Instructure - Dark Reading ai Anthropic reportedly signs $1.8Bn deal with Akamai as global AI compute race intensifies - The Tech Portal - Anthropic - Claude AI ai Government pushes Anthropic to host Claude AI models locally: Report - MSN - Anthropic - Claude AI cybersecurity Chaos erupts as cyberattack disrupts learning platform Canvas amid finals - Ars Technica Security ai Anthropic Launches Claude AI Inside Microsoft Word Excel and PowerPoint with Outlook Beta - Technobezz - Anthropic - Claude AI cybersecurity TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms - The Hacker News ai A company tested Claude Mythos Preview. It says the AI found hundreds of bugs, including 1 that had existed for 20 years - AOL.com - Anthropic - Claude AI
1 / 15
All news ›

Responsible Disclosure Policy

Pro CISO® B.V. — Security Vulnerability Reporting

Report a vulnerability: security@prociso.com
We will acknowledge your report within 2 business days and keep you informed throughout.

Our Commitment

Pro CISO® B.V. takes the security of our systems and customer data seriously. We are ISO/IEC 27001:2022 certified and operate a formal Information Security Management System. Despite our best efforts, vulnerabilities may exist. We welcome responsible disclosure from the security community and commit to working with you transparently and in good faith.

Scope

This policy applies to vulnerabilities discovered in:

  • Our website: prociso.com and subdomains
  • The miniGRC platform: minigrc.prociso.com
  • Any other internet-facing systems operated by Pro CISO® B.V.

This policy does not cover vulnerabilities in third-party services or products we use but do not operate (e.g. Microsoft 365, cloud infrastructure providers).

What We Ask of You

  • Report the vulnerability to us promptly and in good faith at security@prociso.com
  • Give us reasonable time to investigate and remediate before public disclosure (we ask for a minimum of 90 days)
  • Do not access, modify, or delete data belonging to others
  • Do not perform denial-of-service attacks, social engineering, or physical security testing
  • Do not disclose the vulnerability to third parties before we have resolved it

What to Include in Your Report

  • A clear description of the vulnerability and the potential impact
  • The URL, system, or component affected
  • Step-by-step reproduction instructions
  • Any proof-of-concept code or screenshots (where relevant)
  • Your contact details so we can follow up

What We Commit to You

  • Acknowledge receipt of your report within 2 business days
  • Provide a preliminary assessment within 5 business days
  • Keep you informed of progress throughout remediation
  • Not pursue legal action against researchers who act in good faith and within this policy
  • Credit you publicly for the discovery (if you wish)

Out of Scope

The following are explicitly out of scope and should not be tested:

  • Denial-of-service or volumetric attacks of any kind
  • Automated scanning without prior permission
  • Physical security testing
  • Social engineering of Pro CISO® staff or customers
  • Vulnerabilities requiring physical access to a user's device
  • Self-XSS or issues only exploitable by an authenticated admin

Contact

Send all vulnerability reports to:

Pro CISO® B.V. - Security Team
security@prociso.com

For encrypted communication, please request our PGP key in your initial email and we will provide it promptly.