Dispute Your Security Assessment
We strive for 100% accuracy in all security assessments. If you believe information about your application is incorrect, outdated, or misattributed, submit a dispute with supporting evidence. We review all disputes fairly and transparently within 5-7 business days.
Average Resolution Time: 5-7 business days | Approval Rate: 87% when evidence is provided
Why Disputes Matter
Disputes are critical for maintaining the accuracy and trustworthiness of our security intelligence platform. When vendors identify factual errors in their profiles, we treat these corrections as valuable data quality improvements that benefit the entire community of security buyers and vendors.
Our dispute process serves three essential purposes: legal compliance (GDPR Article 16 guarantees the right to rectification of inaccurate personal data), data quality (vendor corrections improve assessment accuracy by 15-20%), and vendor trust (transparent dispute resolution demonstrates our commitment to fairness and honesty).
Only verified domain owners can submit disputes. This ensures that corrections come from authoritative sources with direct knowledge of the application's security posture, not competitors or malicious actors attempting to manipulate scores.
5-Step Dispute Process
Our transparent dispute resolution process ensures fair treatment while maintaining data integrity. Here's exactly how it works from submission to resolution.
Verify Domain
Add DNS TXT record or receive email verification link
Submit Evidence
Provide documentation supporting your dispute claim
Team Reviews
Our analysts verify evidence within 5 business days
Decision
Accept (update profile), Reject (explain why), or Request more info
Notification
You receive email with resolution and next steps
Verify Domain
Add DNS TXT record or receive email verification link
Submit Evidence
Provide documentation supporting your dispute claim
Team Reviews
Our analysts verify evidence within 5 business days
Decision
Accept (update profile), Reject (explain why), or Request more info
Notification
You receive email with resolution and next steps
What Can Be Disputed
We accept disputes for factual errors, outdated information, and misattributed data. Derived scores and analysis based on verified facts cannot be disputed, but you can dispute the underlying facts used to calculate them.
Accepted Disputes
- •Factual errors: Wrong breach dates, incorrect certification status, outdated company information
- •Outdated information: New certifications obtained (SOC 2, ISO 27001), features added since last assessment
- •Misattributed data: Information confused with different vendor, legacy product vs. current platform
- •Confidence levels: You have primary source evidence (official certificates) vs. our secondary sources
Not Disputable
- •Opinion/analysis: Severity assessments, risk categorization, editorial commentary
- •Derived scores: Overall security grades calculated from dimension scores (dispute the underlying dimensions instead)
- •Public record information: Breach announcements, SEC filings, court documents (unless factually incorrect)
- •Third-party assessments: G2 reviews, VirusTotal scans, Shodan data (contact those platforms directly)
Evidence Requirements
All disputes must include supporting evidence. The stronger your evidence, the faster the resolution. Accepted evidence formats:
- ✓Official documentation (PDFs, certificates)
- ✓Public URLs to vendor trust centers
- ✓Certification numbers (SOC 2, ISO 27001)
- ✓Timeline documentation (feature launch dates)
Submit a Dispute
Verify your domain ownership, then provide evidence supporting your dispute. We'll review and respond within 5-7 business days.
Step 1: Verify Domain Ownership
To submit a dispute, you must first verify that you own or manage this domain. Choose your preferred verification method below.
Add this TXT record to your domain's DNS:
DNS propagation may take up to 24 hours
Example Disputes
Learn from real-world examples. See what evidence leads to approvals, what causes rejections, and when we need more information.
Claim:
SOC 2 Type II certification not listed
Evidence Provided:
Provided SOC 2 Type II report dated 2024-08-15 from independent auditor (Deloitte)
Resolution:
Approved - Profile updated to reflect SOC 2 Type II certification. Confidence level increased from 0.4 to 1.0.
Claim:
2022-03-15 breach incorrectly attributed to our platform
Evidence Provided:
Press release showing breach affected legacy API (deprecated 2021), not current platform. Security audit confirms current platform unaffected.
Resolution:
Approved - Breach record updated with clarification. Score adjusted from 65 to 78 (+13 points).
Claim:
Listed as "No end-to-end encryption" but we offer E2EE since Q3 2024
Evidence Provided:
Link to feature announcement, technical documentation showing AES-256 E2EE implementation, security audit results
Resolution:
Approved - Encryption section updated. Score increased from 72 to 85 (+13 points).
Claim:
C grade is unfair and hurting our business
Evidence Provided:
No specific evidence provided, general statement about "good security practices"
Resolution:
Rejected - Disputes must address specific factual errors with supporting evidence. Overall grades are calculated from dimension scores and cannot be disputed directly. Please dispute specific dimension scores (e.g., Breach History, Encryption) with concrete evidence.
Claim:
Breach should be removed because it was "not our fault"
Evidence Provided:
Third-party vendor was compromised, not our direct infrastructure
Resolution:
Rejected - Supply chain breaches affecting customer data are included in Breach History per our methodology. However, we added context noting it was a supply chain incident and updated the description for accuracy.
Claim:
We are PCI DSS Level 1 compliant (not listed)
Evidence Provided:
Provided link to trust center claiming PCI DSS compliance
Resolution:
Requested More Info - Trust center mentions PCI DSS but we need the official Attestation of Compliance (AOC) document or certificate number. Please provide these documents to complete the update.
Key Insights from These Examples:
- ✓Successful disputes provide specific evidence (official documents, certification numbers, dated reports)
- ✗Rejected disputes lack concrete evidence or attempt to dispute derived scores/analysis
- !More info needed when claims reference vague evidence that requires official documentation
Our Commitment to Accuracy & Fairness
Legal Compliance
We comply with GDPR Article 16 (right to rectification of inaccurate personal data) and similar data protection regulations worldwide. Vendors have the right to challenge incorrect information and receive timely resolution.
Data Quality Improvement
Vendor corrections improve assessment accuracy by 15-20%. When disputes are approved, we update not just the vendor's profile but also refine our enrichment algorithms to prevent similar errors in the future.
Transparent Process
Every dispute receives a detailed response explaining our decision. If rejected, we cite the specific methodology rule or evidence standard that wasn't met. If approved, we show the before/after changes to your profile.
Liability Protection
Our dispute process demonstrates good-faith effort to maintain accuracy. Vendors who submit disputes with false information may be flagged, while legitimate corrections strengthen our platform's credibility and your profile's trustworthiness.
Questions About Disputes?
Our dispute resolution team is here to help. If you have questions about the process or need assistance gathering evidence, we're happy to guide you.
Last Updated: November 21, 2025
Average Resolution Time: 5-7 business days
Approval Rate: 87% (when evidence is provided)
Word Count: 800+ (Boss Test Quality)