Responsible disclosure

Coffee Break Demo

Put your feet up and enjoy this live Q&A

Learn how Sage Intacct helps you drive improved business performance — throughout your entire organization.

30 minute demo | Daily 9:00 am PT / Noon ET

Have you discovered a vulnerability? We would like to hear from you.

Sage Intacct considers the security of our systems, network and data to be of the utmost importance. We believe good security is essential to maintain our customers' and partners' trust. Despite the care invested in the security of our systems, it is still possible vulnerabilities exist.

In the spirit of responsible disclosure, we ask anyone who has discovered a vulnerability to report it to us as quickly as possible, so that we can respond and address it in a timely manner.

Our responsible disclosure policy is not an invitation to actively scan or conduct hacking activities on our company network and application to discover vulnerabilities, as we are already monitoring our network. However, if you stumble upon or are otherwise made aware of a vulnerability, we would like to know.

If you are visiting this page due to discovering a vulnerability, we ask that you:

  • Report your discoveries as quickly as possible to [email protected]
  • If you would like to encrypt your finding, please inform us in your initial e-mail and we will provide instructions on how to communicate with us in a secure manner;
  • Provide us with enough information to reproduce the vulnerability, so that we can solve it as quickly as possible. Usually the IP address or URL for the affected system and a description of the vulnerability are enough, but more complex vulnerabilities may require additional information;
  • Not abuse or take advantage of the vulnerability by downloading, viewing, deleting or editing data;
  • Not share vulnerabilities with others. If you have inadvertently obtained confidential information, we ask that you delete the data immediately;

What can you expect:

  • We will always take your report seriously. We will also investigate any suspected vulnerabilities;
  • We will reply to your report without undue delay with our evaluation of your finding and if applicable, a timeline for when any vulnerability will be addressed;
  • We will keep you informed of the progress made in addressing the vulnerability;
  • If you abide by the conditions stipulated above, then we will not take legal action against you pertaining to the report.
  • We will treat your report as confidential, and will not share your personal data with third parties without your permission unless required to do so by law;
  • If you submit an anonymous report, we may not be able to contact you with information about the subsequent steps and the progress made in solving the vulnerability;
  • We may express our appreciation with a donation to a charity of your choosing. Unfortunately, we are unable to extend a monetary reward directly to you. Any donations we make must comply with our internal policies, which generally do not permit donations to political or religious organizations;
  • At your request, we can mention your name as the person who discovered the vulnerability in any communications about the incident.

This responsible disclosure policy is based on the Responsible Disclosure Guideline published by the National Cyber Security Centre, and the sample Responsible Disclosure located at responsibledisclosure.nl.