At Veloxity, we value quality software and the work that goes into creating it. We acknowledge and appreciate the work done by ethical white-hat security researchers to discover and responsibly report security vulnerabilities found in software used around the world. It is for this reason that we are providing the Security Vulnerability Program outlined below.
Any security research being performed needs to respect the data of Veloxity customers and the level of service expected by Veloxity customers. As such, security researchers must adhere to the following rules:
The following is a list of in-scope domains. Any Veloxity-controlled domain that is not listed below is implicitly out-of-scope.
Any research activities that stay within the parameters of the provided instructions will be considered by Veloxity to be acceptable conduct and will not result in legal action initiated by Veloxity against the researcher.
If you are uncertain if an activity falls under acceptable conduct as per the provided instructions, contact Veloxity before performing the activity.
Discoveries are to be reported to the [email protected] email address. Please include the following details within the report:
We should respond via email with an acknowledgement of your report within seven days.
We will then assess the validity and impact of the reported vulnerability. We will contact you again after this assessment.
If it is determined that the vulnerability needs to be patched, the patch will be created and pushed out within 30 days of the completion of the assessment.