Responsible Disclosure

We take runtime and platform security seriously. If you discover a vulnerability, please disclose it responsibly.

Process

1. Report

Email security@nervemindos.com with description, reproduction steps, impact, and suggested fix if available.

2. Acknowledge

We aim to acknowledge within 48 hours with an assessment timeline.

3. Assess & fix

Our security team triages severity, develops a fix, and deploys per impact.

4. Coordinate disclosure

We coordinate public disclosure after remediation, with credit if desired.

Guidelines

Please do

  • Report promptly and in good faith
  • Keep issues confidential until fixed
  • Avoid accessing or modifying others' data
  • Respect user privacy and service availability

Please don't

  • Disrupt production services or other tenants
  • Publicly disclose before coordination
  • Run aggressive automated scans without approval
  • Violate laws or agreements