Orisium

Vulnerability Disclosure

We value the security community's efforts in helping keep Orisium and our customers safe. Learn how to responsibly report security vulnerabilities.

Report a Vulnerability

If you've discovered a security vulnerability in Orisium, we appreciate your help in disclosing it to us responsibly.

Reporting Process

What to expect when you report a vulnerability.

1
Submit Report

Send vulnerability details to security@orisium.com with as much detail as possible.

2
Acknowledgment

We'll acknowledge receipt within 24 hours and assign a tracking number.

3
Investigation

Our security team investigates and works to reproduce the issue.

4
Resolution

We develop and deploy a fix, then notify you of the resolution.

5
Disclosure

Coordinated disclosure after the fix is deployed, with credit if desired.

In Scope
  • Orisium platform web applications
  • Orisium APIs and endpoints
  • Mobile applications
  • Client-side libraries and SDKs
  • Infrastructure supporting the above
Out of Scope
  • Social engineering attacks
  • Physical security assessments
  • Denial of service attacks
  • Spam or phishing
  • Third-party applications

Our Commitment

24-Hour Response

Initial acknowledgment within 24 hours of submission.

Transparent Updates

Regular status updates throughout the investigation.

Recognition

Public acknowledgment for valid reports, if desired.

Safe Harbor

We consider security research conducted in accordance with this policy to be authorized, lawful, and helpful. We will not pursue legal action against researchers who follow these guidelines and act in good faith.