Reporting Security Vulnerabilities

At Verint we support the security research community and welcome reports of vulnerabilities in our software and systems. We do not prosecute people who discover and report vulnerabilities to us responsibly. We treat all reports with high priority.

A security vulnerability is a weakness in the defenses of a network or application that could be used by an attacker to compromise the confidentiality, availability, or integrity of systems or data. Security researchers, industry groups, government organizations, and vendors should report potential vulnerabilities to Verint using the submission instructions below. Customers of Verint products or solutions and Verint partners may use the submission instructions below or contact Verint Support to report potential vulnerabilities.

Please note, Verint does NOT offer a bug bounty program or compensation for disclosure. With prior written approval, we publicly recognize individuals and organizations that contribute to the protection of our customers.

Security Vulnerability Submission

Direct those messages to security@verint.com.

It’s critical to include the following information in the email:

  • Your name and contact information
  • Organization (if applicable)
  • Verint products/solutions and versions affected
  • A detailed description of the potential vulnerability
  • Supporting technical details, including descriptions or examples of exploit/attack code, packet captures, and steps to reproduce the issue
  • Any known information about live exploits
  • Your disclosure plans, if any
  • Your desire for public recognition
  • Responsible Disclosure

We ask that you report vulnerabilities to us before making them public.

Please wait until we notify you that your reported vulnerability has been resolved before disclosing it to others. We take security issues very seriously, and as you know, some vulnerabilities take longer to resolve than others.

Do not engage in security research that has the potential to damage our systems or does actual damage to our systems. This includes any activity that has an impact to the availability of our systems, including the use of vulnerability scanning tools.

Never exploit a vulnerability you discover to view data or alter data without authorization.

If the Verint Information Security and Engineering teams determine that a reported issue is a security vulnerability, these teams will collaborate to implement compensating controls, remediate the issue, and inform customers and the party or parties responsible for responsible disclosure as necessary based on the risk associated with the vulnerability.

Recognition

With prior written approval, we like to thank the individuals or organizations for working with us to help protect our customers.