Cox Security: Responsible Disclosure Policy
Responsible Disclosure Philosophy
Cox is committed to the security and privacy of its customers, products, and services. We believe responsible disclosure of any security vulnerabilities identified by security researchers is an essential part of that commitment. Responsible disclosure requires mutual trust, respect, and transparency between all members of the security community. Together, we can achieve our common goal.
Cox accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers and consultants. Cox defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability or confidentiality of our products, services, or customer information.
Our Compact with Researchers
How to Report a Suspected Vulnerability
Cox asks that security researchers share the details of any suspected vulnerabilities with Cox web properties or Cox-provided customer equipment via encrypted email to firstname.lastname@example.org, using the public key provided at the bottom of this page. The Cox Security team will acknowledge receipt of each vulnerability report within 2 business days, conduct a thorough investigation, and then take appropriate action. At a minimum, please include the following information with your initial submission:
Cox values the research community. Contributions from researchers like you can help protect the privacy and security of our customers! Cox does not offer a bounty program or provide compensation in exchange for security vulnerability submissions.