A public policy page for reporting vulnerabilities in the Sigvex
platform. Sections follow a numbered structure:
Introduction,
Scope (2.1 In Scope, 2.2 Out of Scope),
How to Report,
What to Expect,
Safe Harbour,
Disclosure Timeline,
Recognition,
What We Ask of You,
Contact.
Why it exists
Responsible disclosure requires an unambiguous policy: what is in
scope, where to send a report, what the reporter can expect, and
how the programme treats good-faith research. This page is that
policy, published publicly so researchers do not have to ask.
Who uses it
Security researcher — reads the policy before submitting a
report.
Legal reviewer — verifies safe-harbour language and scope.
How to open it
Footer → Security → Responsible Disclosure.
Direct URL — /security/disclosure.
Using the page
Read sections 1 and 2 to confirm the vulnerability falls in
scope.
Follow section 3 — How to Report — to submit the report.
Review sections 4 and 6 for response and disclosure timelines.
Review section 5 for safe-harbour terms.
Use section 9 — Contact — for unrelated security questions.
Inputs and outputs
Input
Source
Required
None.
Output
Format
Destination
Policy text
HTML
In-page render
Controls reference
Inline links to the contact form and related security pages.
Limits
Public page; no sign-in required.
The page is read-only; submitting a report goes through the
contact channel in section 3, not this page.
Troubleshooting
Symptom or error
Cause
Action
Contact link does not open
Browser blocked the navigation
Navigate directly to /contact and mark the subject as a security vulnerability report.