How to Report Security Questions or Vulnerabilities

Security is a top priority at Granicus. We appreciate and value our clients and partners as well as the security research community — those who cooperate with us to proactively and responsibly disclose security vulnerabilities so patches can be made available.

Who to Contact

If you have questions regarding potential vulnerabilities in a Granicus product, please contact us based on the following qualifications.

Granicus Customers

Submit a support ticket through the Customer Support Portal for any suspected security vulnerabilities in a Granicus product, service, or system.

Partners or Other Third Parties

Email findings to security-alert@granicus.com

Members of the Media

Please contact Madeline O'Phelan at madeline.ophelan@granicus.com.

Guidelines for Reporting

For the protection of our clients and our own systems and infrastructure, Granicus does not disclose or discuss security issues until our internal research is complete and any necessary patches are available.

We ask that all who report comply with the following guidelines when reporting a vulnerability:

Allow Granicus an opportunity to address a vulnerability within a reasonable period time
Do not publicly share information about the vulnerability prior to updates being available
Make a good faith effort to avoid privacy violations and destruction, interruption, or segregation of Granicus services or applications
Do not freely exploit, modify, or destroy data that does not belong to you

We are committed to working with those who report issues via these guidelines, and we aim to quickly resolve any issues (confirming the report within one week of submission).