Hello, Researcher!

We appreciate your help in making Soraxus more secure. Here's how you can report vulnerabilities responsibly.

Contact Information

Please send your reports to [email protected]

In Scope

  • *.soraxus.com domains and subdomains
  • Soraxus API endpoints
  • Soraxus client portal
  • Infrastructure management systems

Out of Scope

  • Physical security testing
  • Social engineering attacks
  • DoS/DDoS attacks
  • Customer applications or infrastructure
  • Third-party services not operated by Soraxus

Safe Harbor Guidelines

Follow these guidelines to qualify for our safe harbor protection:

  • Do not access, modify, or store customer data
  • Do not exploit vulnerabilities beyond proof of concept
  • Do not publicly disclose vulnerabilities before we fix them
  • Do not conduct testing that impacts service availability
  • Follow responsible disclosure timeframes

Disclosure Policy

We follow a coordinated disclosure process. After submitting a report:

  1. We'll acknowledge receipt within 24 hours
  2. You'll receive a preliminary assessment within 72 hours
  3. We aim to resolve valid issues within 90 days
  4. Public disclosure is coordinated after the vulnerability is fixed