Skip to main contentVulnerability Disclosure
We appreciate the security research community’s efforts to improve our security.
Reporting
Email: [email protected]
Include:
- Detailed description
- Steps to reproduce
- Potential impact
- Your contact info
Response Timeline
| Timeline | Action |
|---|
| 24 hours | Acknowledgment |
| 72 hours | Initial assessment |
| 7 days | Status update |
| 90 days | Coordinated disclosure |
Scope
In Scope:
- ASG Gateway
- ASG Console
- Payment systems
- Authentication
Out of Scope:
- Third-party services
- Social engineering
- Physical security
- DoS attacks
Safe Harbor
We will not pursue legal action against researchers who:
- Report in good faith
- Avoid privacy violations
- Give reasonable response time
- Don’t exploit beyond PoC
Recognition
Contributors may be featured in our Hall of Fame and eligible for bounties. 
