VULNERABILITY DISCLOSURE
Security Policy
We take security seriously. Here is how we handle disclosures.
Reporting a Vulnerability
If you believe you have found a security vulnerability in SOC Root's platform or infrastructure, please report it to us immediately. We investigate all legitimate reports and do our best to quickly fix the problem.
- Submit your report via our Contact Page.
- Do not disclose the vulnerability publicly until we have had a chance to remediate it.
- Provide clear, reproducible steps or a proof of concept (PoC).
Our Commitment
Fast Response
We aim to acknowledge receipt of vulnerability reports within 24 hours.
Safe Harbor
We will not pursue legal action against researchers who follow this policy in good faith.
Transparency
We will keep you informed of the progress as we investigate and mitigate the issue.
Remediation
We prioritize fixing confirmed vulnerabilities based on severity and impact.
Out of Scope
The following activities are strictly prohibited and out of scope:
- Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks.
- Physical testing of our facilities or hardware.
- Social engineering (e.g., phishing, vishing) against our employees, contractors, or customers.
- Exfiltrating, destroying, or modifying data that does not belong to you.
- Automated scanning with tools that generate extensive traffic.