Security

Security and Vulnerability Reporting

We want to keep Pareto Security safe for all users. Publicly disclosing a vulnerability can put the entire Pareto Security community at risk. If you've discovered a vulnerability in the system, we appreciate your help in disclosing it to us in a responsible manner.

Most security issues we receive are fixed and resolved within 24 hours. For more information read our disclousure policy.

Independent Third-Party Audits

We also put the platform through regular third-party audits to check for vulnerabilities in the system.

Vulnerability Reports

All current vulnerability reports and official audits, ordered by date of disclosure.

Date Reporter Vulnerability Resolution
September 2021 rokki.ch Missing /security.txt Published a signed security.txt file at paretosecurity.com/security.txt.
February 2022 User Browser Security Headers for dash.paretosecurity.com are not set Added appropriate browser headers to get "Grade A" on SecurityHeaders.com.

Contact Us

If you found a vulnerability in the system, please contact us and provide as much information as possible following our disclousure policy.

See code on GitHub