Responsible Disclosure
We take runtime and platform security seriously. If you discover a vulnerability, please disclose it responsibly.
Process
1. Report
Email security@nervemindos.com with description, reproduction steps, impact, and suggested fix if available.
2. Acknowledge
We aim to acknowledge within 48 hours with an assessment timeline.
3. Assess & fix
Our security team triages severity, develops a fix, and deploys per impact.
4. Coordinate disclosure
We coordinate public disclosure after remediation, with credit if desired.
Guidelines
Please do
- Report promptly and in good faith
- Keep issues confidential until fixed
- Avoid accessing or modifying others' data
- Respect user privacy and service availability
Please don't
- Disrupt production services or other tenants
- Publicly disclose before coordination
- Run aggressive automated scans without approval
- Violate laws or agreements
