Site security

Brightway is a cybersecurity firm. Our public website illustrates in practice the measures we recommend to our clients.

This website is operated under French law. The following legal notices apply to all users accessing this site.

Our commitment

As a cybersecurity firm holding ANSSI's PASSI qualification, Brightway applies to its own website the same requirements we recommend to our clients. We welcome vulnerability reports from the security research community and commit to handling them seriously and transparently.

Report a vulnerability on this site

If you have identified a security flaw, a misconfiguration or suspicious behaviour on brightway.fr, contact us through the following channels:

Acknowledgement of receipt within 48 business hours.

Report an incident to Brightway CERT

For any security incident report relevant to our CERT (FIRST-accredited) — confirmed compromise, data leak, request for incident response assistance — use the dedicated address below. We recommend PGP encryption for any communication containing sensitive information.

  • Email: incident@brightway.fr
  • PGP key (UID): CERT BRIGHTWAY <incident@brightway.fr>
  • Fingerprint: 1D02 4B06 1FFE 6502 542A  2257 5982 8791 B270 1503

Always verify the full fingerprint before using the public key.

A downloadable .asc file will be published soon at /.well-known/openpgpkey/brightway.fr/.
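
One way to carry out the full-fingerprint check before the key reaches your keyring, as an added example (not Brightway's own tooling). It assumes a local copy of the CERT key passed as the first argument and a GnuPG build that supports `--show-keys`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: compare a key file's full fingerprint with the one
# published on this page, and import the key only on an exact match.

EXPECTED_FPR="1D02 4B06 1FFE 6502 542A  2257 5982 8791 B270 1503"

# Strip whitespace and upper-case, so spaced and compact forms compare equal.
normalize_fpr() {
  printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint (field 10 of the "fpr" record right after "pub").
# Fails unless the input holds exactly one primary key, so an extra key
# bundled into the same file cannot be imported alongside the expected one.
primary_fpr() {
  awk -F: '$1 == "pub" { pubs++; want = 1; next }
           want && $1 == "fpr" { if (pubs == 1) fpr = $10; want = 0 }
           END { if (pubs != 1) exit 1; print fpr }'
}

# True only when all 40 hex digits match; a short key ID never passes.
fpr_matches() {
  local got want
  got=$(normalize_fpr "$1")
  want=$(normalize_fpr "$2")
  [ "${#got}" -eq 40 ] && [ "$got" = "$want" ]
}

verify_and_import() {
  local keyfile=$1 fpr
  # --show-keys only parses the file; the keyring is not modified here.
  fpr=$(gpg --show-keys --with-colons "$keyfile" | primary_fpr) || return 2
  if fpr_matches "$fpr" "$EXPECTED_FPR"; then
    gpg --import "$keyfile"
  else
    echo "fingerprint mismatch (got '$fpr'), refusing to import" >&2
    return 1
  fi
}

# Run only when a key file is given, e.g.: sh verify-key.sh cert-brightway.asc
if [ "$#" -ge 1 ]; then verify_and_import "$1"; fi
```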

Responsible disclosure process

We follow a responsible disclosure process aligned with industry good practice:

  1. Receipt — Acknowledgement of your report within 48 business hours.
  2. Analysis — Technical qualification and impact assessment of the vulnerability within 10 business days.
  3. Remediation — Implementation of a fix and compensating controls if necessary.
  4. Communication — Feedback to the reporter once the fix is deployed; public acknowledgement if the reporter wishes.

Rules of engagement

To preserve the quality of our exchanges, we ask you to comply with the following rules:

  • never exploit a vulnerability beyond what is strictly necessary to demonstrate its existence;
  • do not access, modify, delete or exfiltrate data belonging to third parties;
  • do not degrade the quality of service of the site (no denial-of-service tests, no excessive load);
  • respect the confidentiality of any information encountered incidentally during your research;
  • allow us a reasonable timeframe to fix the issue before any public disclosure (default: 90 days).

In return, Brightway commits not to take legal action against researchers who comply with these rules and act in good faith.

Scope covered

This commitment covers:

  • the brightway.fr website and its public sub-domains;
  • the public APIs exposed by Brightway.

Our clients’ infrastructures, services delivered as part of engagements, and internal tools not exposed publicly are not covered by this policy.

Acknowledgements

Brightway publicly thanks the following individuals for their responsible reports:

No reports received to date.

Get in touch to report an issue

To report an issue, refer to the sections above: "Report a vulnerability on this site" (for brightway.fr) or "Report an incident to Brightway CERT" (with PGP key for sensitive communications).