Vulnerability Reporting Policy

Safe Harbor Commitment

Radiatus Cloud Tools welcomes security researchers. We offer a Safe Harbor for researchers who follow this policy. We will not pursue legal action against you for security research that complies with this policy.

Scope

In Scope:

  • Web Application vulnerabilities (XSS, CSRF, Injection)
  • Misconfigurations in security headers
  • Authentication bypasses (if auth is implemented)

Out of Scope:

  • Social Engineering (Phishing)
  • Physical Security
  • DoS/DDoS attacks
  • Automated scanner reports without a PoC

Reporting Guidelines

  1. Do not exploit the vulnerability beyond what is needed to prove it exists.
  2. Do not access or modify user data.
  3. Send your report to security@radiatus.com.
  4. Include a clear Proof of Concept (PoC).

Response Timeline

  • Acknowledgment: Within 48 hours.
  • Triaging: Within 5 business days.
  • Resolution: Timeline depends on severity.