Vulnerability Disclosure Policy

VaultPAM takes the security of its platform seriously. This policy describes how to report security vulnerabilities and what you can expect from us during the disclosure process.

How to report

  • Email security@vaultpam.com with a description of the issue, steps to reproduce, and an impact assessment.
  • For sensitive reports, request our PGP key from the same address before sending details.
  • Do not disclose the vulnerability publicly until we have confirmed a fix is in place.

Safe harbour

The safe harbour policy is coming soon. Until legal review is complete, contact security@vaultpam.com for details.

What to expect from us

  • Acknowledgement within 5 business days.
  • Status updates every 10 business days while the issue is under investigation.
  • Credit in release notes (if desired) once the fix ships.

Coordinated disclosure

  • We follow a 90-day coordinated disclosure timeline.
  • We will work with you to align the disclosure date if remediation takes longer.
  • Critical vulnerabilities under active exploitation may be disclosed earlier, after customer notification.

Out of scope

The following are outside the scope of this policy:

  • Denial of service attacks
  • Social engineering of VaultPAM staff
  • Issues in third-party services not under our control
  • Findings from automated scanners without a demonstrated impact