Hello, Researcher!
We appreciate your help in making Soraxus more secure. Here's how you can report vulnerabilities responsibly.
Contact Information
Please send your reports to [email protected]
In Scope
- *.soraxus.com domains and subdomains
- Soraxus API endpoints
- Soraxus client portal
- Infrastructure management systems
Out of Scope
- Physical security testing
- Social engineering attacks
- DoS/DDoS attacks
- Customer applications or infrastructure
- Third-party services not operated by Soraxus
Safe Harbor Guidelines
Follow these guidelines to qualify for our safe harbor protection:
- Do not access, modify, or store customer data
- Do not exploit vulnerabilities beyond proof of concept
- Do not publicly disclose vulnerabilities before we fix them
- Do not conduct testing that impacts service availability
- Follow responsible disclosure timeframes
Disclosure Policy
We follow a coordinated disclosure process. After submitting a report:
- We'll acknowledge receipt within 24 hours
- You'll receive a preliminary assessment within 72 hours
- We aim to resolve valid issues within 90 days
- Public disclosure is coordinated after the vulnerability is fixed