Responsible Vulnerability Disclosure Program


As a global leader in providing solutions to accelerate the pace of innovation, Clarivate is committed to setting the standard in safeguarding our IT environment and customers’ data and encourages responsible reporting of any vulnerabilities that may be found in our site or applications with the endeavour to continually improve the security posture of our organization. Clarivate recognises the value external security researchers can bring to the security of Clarivate systems and remains committed to working with security researchers to verify and address any reported potential vulnerabilities.

If you believe you’ve found a security issue in one of our products or services, partner with us and report potential security vulnerabilities to us via our HackerOne Responsible Vulnerability

Disclosure Program at and include the following details with your report:

  • A description of the issue and where it is located
  • A description of the steps required to reproduce the issue


Please note that this should not be construed as a permission to perform any of the following activities:

  • Hack, penetrate, or otherwise attempt to gain unauthorized access to Clarivate applications, systems, or data in violation of applicable law
  • Perform actions that may Adversely impact Clarivate or the operation of Clarivate applications or systems (e.g. Spam, Brute Force, Denial of Service…)
  • Download, copy, disclose or use any proprietary or confidential Clarivate data, including customer data; and
  • Conduct any kind of physical or electronic attack on Clarivate personnel, property or data centers

Kindly review our Vulnerability Disclosure Policy before you test and/or report a vulnerability. If you responsibly submit a vulnerability report, Clarivate will use reasonable efforts to respond in a timely manner. Thank you for helping us keep Clarivate and its customer’s data safe.