Vulnerability Reporting

How to Report

To report a security vulnerability, please email security@secodx.com. For sensitive reports, please use PGP encryption (key available upon request).

What to Include

• Type of vulnerability (e.g. XSS, SQL injection, authentication bypass)
• URL or endpoint affected
• Steps to reproduce
• Potential business impact
• Your contact information for follow-up

Response Timeline

We acknowledge all reports within 2 business days. We aim to remediate Critical and High severity vulnerabilities within 7 days, Medium within 30 days, and Low within 90 days.

Recognition

We recognize researchers who responsibly disclose valid vulnerabilities. Recognition may include public acknowledgment (with your consent) and a letter of appreciation.