Security Policy

01 Reporting a Vulnerability

If you believe you have found a security vulnerability in Vorthix infrastructure or services, email security@vorthix.com with full details. A PGP key is available on request for encrypted communication. Please do not disclose the issue publicly until we have had a reasonable opportunity to investigate and remediate.

02 What to Include

• Affected software and version
• A clear description of the vulnerability
• Step-by-step instructions to reproduce
• A proof-of-concept, if available
• Your contact information for follow-up

03 Our Commitment

• Acknowledge your report within 24 hours
• Confirm validity within 72 hours
• Coordinate a disclosure timeline with you
• Credit researchers in the public writeup

04 Safe Harbor

We do not pursue legal action against good-faith security researchers who follow this policy. Activity conducted in accordance with this policy is considered authorized, and we will not initiate or support legal action for accidental, good-faith violations. If legal action is brought by a third party against a researcher who complied with this policy, we will make this authorization known.

05 CVE Coordination

We request CVEs through appropriate CNA channels for all confirmed findings. We work with maintainers and coordinating bodies to ensure that identifiers are assigned and that disclosure aligns with the availability of a fix. Researchers who report valid issues will be credited in the corresponding advisory.

06 Contact

Reach our security team directly at security@vorthix.com.