Security at Ciroos
Responsible Disclosure Policy
β
At Ciroos, the security of our systems, customers, and partners is a top priority. We recognize the important role that security researchers and the community play in helping us maintain a secure environment.
β
If you believe you have discovered a security vulnerability in a Ciroos product, service, or system, we encourage you to report it to us responsibly.
β
β
How to Report
β
Please send your findings to security@ciroos.ai. To help us investigate effectively, please include:
- A detailed description of the vulnerability
- Steps to reproduce the issue
- Any relevant tools, scripts, or proof-of-concept code (if available)
β
Guidelines for Researchers
β
We ask that you follow these principles when investigating and reporting:
β
- Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue.
- Do not disrupt services for customers or exfiltrate sensitive data.
- Respect privacy and confidentiality of any data encountered.
- Allow us reasonable time to investigate and remediate before disclosing publicly.
β
Our Commitment
β
If you report a valid security issue to us:
- We will acknowledge receipt of your report.
- We will provide regular updates as we investigate.
- We will notify you when the issue is remediated.
- We will not pursue legal action if you follow this policy in good faith.
β
Recognition
β
While we do not currently operate a paid bug bounty program, we deeply appreciate contributions that help us strengthen security. With your permission, we may recognize you on our website or in release notes for valid reports.
β
Thank You
β
Your efforts to help keep Ciroos and our community secure are invaluable. Together, we can maintain a trusted environment for our user community.
β
.png)
