Responsible Disclosure

Intarmour encourages ethical security research. Learn how to report vulnerabilities safely and responsibly, in line with our coordinated disclosure policy.

At Intarmour, we take the security of our infrastructure, services, and users seriously. Despite our best efforts, vulnerabilities can occasionally arise. We believe that responsible, coordinated vulnerability disclosure plays a critical role in protecting digital ecosystems and fostering trust. This page outlines our approach to working with ethical hackers, researchers, and external parties who identify potential vulnerabilities in our systems.

Scope of Disclosure

This policy applies to all digital assets owned or operated by Intarmour, including but not limited to public-facing web properties, APIs, cloud-hosted environments, and integrations with third-party platforms under our administrative control.

We encourage the reporting of any vulnerability that could compromise the confidentiality, integrity, or availability of systems or data. Examples include:

  • Improper authentication or access control mechanisms

  • Data exposure through APIs or misconfigurations

  • Cross-site scripting (XSS), SQL injection, or command injection

  • Insecure dependencies or library usage

  • Misuse of authentication tokens or session identifiers

Reports concerning social engineering, physical attacks, denial-of-service, or spam are generally excluded from this scope unless otherwise authorized in writing.

Coordinated Disclosure Process

We request that all researchers follow a coordinated disclosure approach, allowing us adequate time to verify and resolve the issue before public disclosure. Our preferred process is as follows:

  1. Submit a detailed report to our security team via email: security@intarmour.com

  2. Include relevant technical information, steps to reproduce, and evidence of the vulnerability.

  3. Refrain from disclosing the issue publicly for at least 90 days or until confirmation of remediation, whichever comes first.

  4. Once the issue is resolved, we will credit the researcher if requested.

All reports are reviewed by our internal security team. We commit to acknowledging receipt within 5 business days and to keeping the reporter informed of status updates during the investigation and resolution phases.

Safe Harbor Statement

We will not pursue legal action against researchers who:

  • Act in good faith within the boundaries of this policy

  • Do not exploit or exfiltrate data during testing

  • Avoid any activity that could degrade system performance

  • Provide us a reasonable opportunity to remediate the issue

This policy does not waive any rights or obligations under applicable law, but aims to foster open and responsible communication with the security research community.

Encryption and Secure Communication

Researchers who wish to report a vulnerability securely may request our PGP public key via the same email address. We encourage the use of encrypted communication for any report containing sensitive technical details or data.

Contact and Inquiries

For questions about this policy or to discuss a disclosure scenario in advance, please contact:

security@intarmour.com
