Vulnerability Disclosure Policy

1. Introduction

Our goal is to ensure the security of our products and services. We encourage researchers and users to report any security vulnerabilities they discover in a responsible manner. This policy outlines how to report vulnerabilities, how we handle them, and what you can expect during the disclosure process.

2. Reporting a Vulnerability

If you discover a vulnerability in our product or service, please follow these steps to report it:

  • Contact: Email us at hello@remne.tech.
  • Information to Include: Provide a detailed description of the vulnerability, including steps to reproduce it, and any potential impact. If possible, include screenshots or logs to help us understand the issue.
  • Confidentiality: We request that you do not disclose the vulnerability publicly until we have had a chance to investigate and address the issue.

3. What to Expect

Upon receiving your report, we commit to the following:

  • Acknowledgement: We will acknowledge receipt of your report within [30] business days.
  • Investigation: Our security team will assess the report and may reach out for additional information. We will work to address the vulnerability as quickly as possible and will keep you informed of our progress.
  • Resolution: Once a fix has been implemented, we will notify you and provide information about the resolution. We will also update our security advisories if appropriate.

4. Responsible Disclosure

We expect researchers to:

  • Avoid Exploitation: Do not exploit the vulnerability beyond what is necessary to demonstrate it.
  • Avoid Disruption: Do not disrupt our services or the experience of our users while testing the vulnerability.
  • Respect Privacy: Do not access, collect, or use any data beyond what is required to confirm the vulnerability.

5. Recognition

We appreciate the contributions of security researchers and will recognize their efforts in our Acknowledgements page if they request to be listed.

6. Legal Considerations

We will not take legal action against researchers who follow this policy in good faith. However, if a researcher violates our guidelines or engages in malicious activities, we may take legal action if necessary.

7. Policy Changes

This policy may be updated from time to time. The most current version will be available on our Vulnerability Disclosure Policy page.

8. Contact

For any questions or concerns regarding this policy, please contact us at hello@remne.tech.