For a better browsing experience and to benefit from all the features of credit-agricole.com, we advise you to use the Edge browser.
  • Text Size
  • Contrast

Vulnerability Disclosure Policy

 

We consider the security of our clients to be one of our top priorities. That's why we design products and services of the highest quality and reliability possible. Despite our efforts to implement the best possible security measures, vulnerabilities may still be present in our products, services, and systems.

This document outlines the policy of the Crédit Agricole Group regarding the receipt of reports on potential vulnerabilities in its products and services concerning security.

Everyone is encouraged to report identified vulnerabilities, regardless of the type of service or product. Researchers, partners, CERTS, clients, or any other source is welcome to report vulnerabilities.

 

How to report a potential security flaw?

For any vulnerability disclosure, please fill out the form https://notrevdp.vulnerability-disclosure.com/

To enhance vulnerability handling and identification, please include as much available information as possible. Please refrain from including personal data in your reports, except for the information necessary to contact you.

The processing is solely intended for reporting security vulnerabilities in services. It does not involve technical support information regarding our services. Any content other than specific security vulnerabilities of our services will not be processed.

 

Processing your disclosure

Following your disclosure, our teams will analyze its content to validate the vulnerability qualification as quickly as possible. The Crédit Agricole Group will then engage in a dialogue to discuss the identified issues and keep you informed at each stage of the investigation.

Furthermore, no remuneration is provided under this program, even if the vulnerability flaw is confirmed. For security reasons, no publication of vulnerabilities and their resolution will be made.

The Crédit Agricole Group remains the sole judge of the vulnerability classification and the resulting risk categorization. The processing and resolution timeframe for vulnerabilities remain at the discretion of the Crédit Agricole Group.

 

Disclosure Requirements

By submitting your vulnerability disclosure to Crédit Agricole, you are required to:

·        Comply with applicable laws.

·        Refrain from conducting denial-of-service attacks or resource exhaustion attacks.

·        Utilize Crédit Agricole systems without intending to harm the Group, its clients, its employees, or its third parties.

·        Not use, disclose, modify, or delete any data accessed by exploiting the vulnerability.

·        Refrain from conducting social engineering, spam, or phishing attacks against Crédit Agricole employees, its third parties, or its clients.

·        Not test the physical security of Crédit Agricole's assets, its third parties, or its clients.

·        Not disclose information regarding this disclosure, the reported vulnerability, or the fact that a vulnerability has been reported to Crédit Agricole.

Crédit Agricole Group commits not to pursue legal action against disclosing parties submitting reports that adhere to the rules.

The disclosure of a vulnerability does not confer any intellectual property rights on assets belonging to the Crédit Agricole Group or any of its third parties.

All aspects of this process are subject to change without notice, as well as exceptions on a case-by-case basis.

The Crédit Agricole Group appreciates the efforts made by the report author to identify the vulnerability. We thank you for your contribution to improving the security of our products and systems and the Internet community as a whole.

 

If you wish to exercise your right to object to the processing of personal data for audience measurement purposes on our site via our service provider AT internet, click on refuse