Skip to main content
Sigvex

Responsible Disclosure

Public disclosure policy for reporting a Sigvex platform vulnerability — scope, how to report, timelines, safe harbour, recognition.

What it is

A public policy page for reporting vulnerabilities in the Sigvex platform. Sections follow a numbered structure:

  1. Introduction,
  2. Scope (2.1 In Scope, 2.2 Out of Scope),
  3. How to Report,
  4. What to Expect,
  5. Safe Harbour,
  6. Disclosure Timeline,
  7. Recognition,
  8. What We Ask of You,
  9. Contact.

Why it exists

Responsible disclosure requires an unambiguous policy: what is in scope, where to send a report, what the reporter can expect, and how the programme treats good-faith research. This page is that policy, published publicly so researchers do not have to ask.

Who uses it

  • Security researcher — reads the policy before submitting a report.
  • Legal reviewer — verifies safe-harbour language and scope.

How to open it

  1. Footer → SecurityResponsible Disclosure.
  2. Direct URL — /security/disclosure.

Using the page

  1. Read sections 1 and 2 to confirm the vulnerability falls in scope.
  2. Follow section 3 — How to Report — to submit the report.
  3. Review sections 4 and 6 for response and disclosure timelines.
  4. Review section 5 for safe-harbour terms.
  5. Use section 9 — Contact — for unrelated security questions.

Inputs and outputs

Input Source Required
None.
Output Format Destination
Policy text HTML In-page render

Controls reference

  • Inline links to the contact form and related security pages.

Limits

  • Public page; no sign-in required.
  • The page is read-only; submitting a report goes through the contact channel in section 3, not this page.

Troubleshooting

Symptom or error Cause Action
Contact link does not open Browser blocked the navigation Navigate directly to /contact and mark the subject as a security vulnerability report.