Click Studios
Reporting a Security Issue
At Click Studios, we are committed to delivering a secure and resilient Enterprise Password Management solution. Security is at the core of our development process, and we continually strive to mitigate risks. However, given the dynamic and evolving nature of cybersecurity, vulnerabilities may occasionally surface.

If you have identified a potential security vulnerability within Passwordstate, we encourage you to report it to us promptly. Please submit your findings via Report a Security Issue, ensuring that your report includes the following:

  • Detailed Proof-of-Concept (PoC): Providing reproducible steps, code samples, and screenshots to help us verify and assess the issue.
  • Impact Analysis: An explanation of how the vulnerability could affect customers, including potential risks and real-world implications.

Our Security Assessment Process

Upon receiving your report, our Lead Development Team and Security staff will follow a structured approach to assess and address the issue:

  • Verification & Reproduction: We will validate the reported vulnerability to confirm its authenticity.
  • Severity Classification: The issue will be assessed using the Common Vulnerability Scoring System (CVSS 3.1) to determine its impact.
  • Risk Mitigation Planning: Recommendations from your report will be considered, and our Lead Development Team will define an appropriate remediation plan.
  • Resolution & Communication: We will keep you informed throughout the process and notify you once a fix has been deployed.

Responsible Disclosure & Confidentiality

We kindly request that all reported vulnerabilities and related communications remain confidential until a resolution has been implemented. Click Studios follows a responsible disclosure policy, ensuring that security gaps are addressed without exposing customers to undue risk.

Legal & Ethical Considerations

Any attempt to exploit a vulnerability beyond what is necessary for responsible disclosure, such as unauthorized access, data exfiltration, or system disruption, may result in legal action. Any such activities that compromise customer data or internal systems will be considered misconduct and may lead to civil or criminal liability.

We appreciate your collaboration in maintaining the security of Passwordstate and thank you for helping us uphold the highest standards of enterprise security.