Security

We recognise the importance of security and appreciate all efforts to help us improve it. To maintain a clear and focused purpose in our responsible disclosure policy, we define the following attacks as out of scope: 

DOS / DDOS: Attacks that aim to overload our systems or networks. 

Spamming: Unsolicited mass mailing of data or content. 

Social Engineering: Manipulation of individuals to reveal sensitive information or perform actions. 

Physical attacks on equipment or people: Attacks on physical devices or individuals. 

Already known vulnerabilities in non-applicable libraries: Vulnerabilities in third-party libraries that do not have a direct application in our service. 

Attacks that require physical access to an employee’s devices: Attacks that can only be performed with direct access to an employee’s physical devices. 

We encourage security researchers, users and anyone who discovers possible vulnerabilities in our system to report these to us in a responsible manner. This allows us to address potential threats before they can be exploited and improve security for all our users.

If you discover a potential vulnerability, we kindly ask you to: 

1. Do not exploit the vulnerability for malicious purposes: Do not use the discovery of the vulnerability to gain access, change or delete data, or interrupt the service.
2. Give us reasonable time to respond: Give us reasonable time to investigate and fix the vulnerability before publicly disclosing it. 
3. Contact us securely: Send a detailed report to us at admin(at)comasystem.dk with a description of the vulnerability, step-by-step instructions to reproduce it, and any support files you may have. 
4. Acknowledgement and recognition: We will acknowledge receipt of your report within 24 hours and we will recognise your efforts with either a financial or a material consideration, unless you wish to remain anonymous. 

We appreciate your help in making our service safer for everyone. Together, we can work towards protecting our systems and users from potential threats.