Contact: mailto:security@enveritas.org Encryption: https://keybase.io/enveritas/pgp_keys.asc Fingerprint: 4F03 7721 022C 0811 7CDB 120D D053 B501 18B5 84EE Hiring: https://www.enveritas.org/jobs/ Expires: 2027-01-02T00:00:00.000Z Our Vulnerability Disclosure Policy We value the security of our systems and the privacy of our users. We encourage security researchers to report vulnerabilities they discover in our systems. This policy outlines how to report vulnerabilities and what to expect from us. What to Report: - Security vulnerabilities in our websites, applications, or other digital assets. - Any potential security flaws that could be exploited. How to Report: - Please email us at security@enveritas.org with a detailed description of the vulnerability, including steps to reproduce it. - Provide your contact information so we can reach you for clarification. - Avoid including sensitive data or personally identifiable information in your report unless absolutely necessary. - Do not exploit the vulnerability beyond what is necessary to demonstrate its existence. What We Will Do: - We will acknowledge your report within 7 business days. - We will investigate the reported vulnerability and aim to provide a timeline for remediation. - We will keep you informed of our progress. - We will treat your report confidentially. - We will not take legal action against researchers who act in good faith and follow this policy. What Not to Do: - Do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it. - Do not attempt to exploit the vulnerability for malicious purposes. - Do not disrupt our services or access data that does not belong to you. By reporting a vulnerability according to this policy, you agree to: - Keep the vulnerability confidential until it is resolved. - Not attempt to exploit the vulnerability beyond what is necessary to demonstrate its existence. - Not engage in any activity that could harm our users or systems. Contact: For any questions or concerns regarding this policy, please contact us at security@enveritas.org.