Disclosure policy

Responsible disclosure at SecPulse

SecPulse supports good-faith security research and coordinated disclosure. If you find a vulnerability, exposed secret, or unsafe configuration affecting SecPulse or assets managed through the platform, send it to us directly and we’ll work it through.

Contact

security@secpulse.tech

Initial response

We aim to acknowledge reports within 24 hours and keep you updated while we validate and triage.

Coordination

We prefer coordinated disclosure and will work with researchers on timelines, validation, and remediation.

Good-faith testing guidelines

Act in good faith and avoid privacy violations, data destruction, or service disruption.

Only test systems you are authorized to assess, and stop once you have enough evidence to document the issue.

Do not publicly disclose details before the affected party has had a reasonable chance to remediate.

Never exfiltrate more data than necessary to prove impact.

What to include in a report

clear reproduction steps

affected URL, host, repo, or asset

impact assessment and likely severity

screenshots, response snippets, or logs

remediation notes if you have them