Security at CLARK

Our Vulnerability Disclosure Program

Providing a secure service for our customers is a top priority for us. In addition to our own security measures we work with security researchers across the globe to detect and fix vulnerabilities together with our Partners Yogosha and Blaze.

Spotting Vulnerabilities

If you have discovered a vulnerability in our applications or another serious security issue, please submit it via yogosha.

Disclosure Policy

Learn more about which of our applications are open to security research and vulnerability testing.

Get in Contact

Questions regarding the policy and our program can be directed to our security team.

Time to Fix

From the time we receive the report to the time we confirm to you that the finding has been fixed, this is timeframe you can expect from us.

Of course, some findings might take longer to fix based on their complexity, but we will stay in touch to find the best mitigation in the meantime.

Disclosure Process Timeline

  1. Within a week, we will acknowledge that your report has been received.
  2. Within 2 weeks, we will triage your report and accept or decline it.
  3. To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.
  4. We will maintain an open dialogue to discuss issues.

Rewards

At this time, we are only running a Vulnerability Disclosure Program and do not offer cash rewards. This page will be updated as soon as we move to a Bug Bounty program with cash rewards.

In order to thank you by the means we can, we will in the meantime:

  • Add you to our Hall of Fame, given that we confirmed the vulnerability and you want to be recognized!
  • Send you a Thank You Box of CLARK goodies, given that you can share an address with us.

About CLARK

Help us build a better digital experience for insurances

Since 2015 CLARK provides desktop and mobile applications that allow users to discover, buy, switch, analyze – in short, manage – insurances.

Providing a secure and highly-trusted platform for insurance management is our core mission.