Vulnerability Reporting Program

Vulnerability Disclosure Program

At Pandectes, we take the security and privacy of our users, partners, and data seriously. We’re committed to maintaining a secure environment and welcome reports from security researchers and the broader community to help us achieve this goal.

If you believe you’ve discovered a security vulnerability in our systems, services, or applications, we encourage you to report it responsibly.

How to Report a Vulnerability

Please send your report to:

Include the following information in your report:

A detailed description of the vulnerability
Steps to reproduce the issue (if applicable)
Any relevant URLs, screenshots, or code snippets
Your name or alias (optional) for acknowledgment

What We Expect from You

Do not exploit the vulnerability or access data beyond what is necessary to demonstrate the issue.
Avoid actions that could negatively affect the integrity or availability of our services (e.g., DoS, mass scanning).
Allow us a reasonable amount of time to investigate and resolve the issue before publicly disclosing it.
Follow good faith practices throughout the disclosure process.

What You Can Expect from Us

We will acknowledge your report promptly.
We will investigate the issue and work to resolve it as quickly as possible.
If requested and appropriate, we will publicly acknowledge your contribution.
We will not take legal action against researchers who follow this responsible disclosure policy in good faith.

Acknowledgement and Remediation Timelines

Acknowledgement:

We commit to acknowledging all vulnerability reports within 48 hours of receipt.

Remediation:

Critical Vulnerabilities: Our goal is to remediate within 30 days of verification.
High Severity Vulnerabilities: We aim to resolve these within 45 days, following an expedited process.
Medium and Low Severity Vulnerabilities: These will be addressed as part of our regular release cycle.