Report a Vulnerability
We take security seriously and appreciate your help in keeping our products and services secure.
Responsible Disclosure Program
Our responsible disclosure program provides a structured way for security researchers and users to report vulnerabilities they discover in our systems. We're committed to working with the security community to identify and address security issues promptly.
How to Report a Vulnerability
To report a security vulnerability, please send an email to security@acrapt.us with the following information:
- • A detailed description of the vulnerability
- • Steps to reproduce the issue
- • The potential impact of the vulnerability
- • Any suggestions for mitigation or fixing the issue
- • Your contact information for follow-up communications
Our Commitment
When you submit a vulnerability report, we commit to:
- • Acknowledge receipt of your report within 48 hours
- • Provide an initial assessment of the report within 5 business days
- • Keep you informed about our progress addressing the issue
- • Not take legal action against you for security research conducted in good faith
- • Recognize your contribution (with your permission) after the vulnerability has been fixed
Scope & Guidelines
Our vulnerability disclosure program covers all Acrapt.us owned websites, applications, and services. When conducting security research, please:
- Do not harm data: Avoid accessing, modifying, or deleting data that doesn't belong to you.
- Do not cause service disruption: Avoid denial of service tests or actions that could impact system availability.
- Do not share findings publicly: Please give us reasonable time to address issues before disclosing them publicly.
- Only test against test accounts: If you need to create accounts for testing, clearly mark them as security research accounts.