Responsible Disclosure Policy
Last updated: May 2026
IntrudR is committed to working with the security community to identify and resolve vulnerabilities in our platform. We welcome responsible disclosure from security researchers acting in good faith.
1. Scope
In scope:
- intrudr.io and all subdomains
- Our API (api.intrudr.io)
- Authentication and authorization systems
- The web application and its client-side code
Out of scope:
- Social engineering or phishing of IntrudR staff
- Physical security attacks
- Denial of service (DoS / DDoS) attacks
- Vulnerabilities in third-party services we rely on
- Automated scanning of production infrastructure
2. Rules of Engagement
- Do not access, modify, or delete data belonging to other users
- Do not disrupt production services or impact other users
- Do not use automated scanners against production — use your own account's sandbox
- Allow us 90 days to remediate before public disclosure
- Do not exploit the vulnerability beyond what is needed to demonstrate it
3. What to Report
- Authentication bypasses or session management flaws
- Authorization flaws: IDOR, privilege escalation, BOLA
- Injection vulnerabilities: SQL injection, XSS, SSTI, SSRF
- Cryptographic weaknesses
- Sensitive data exposure
- Business logic vulnerabilities with security impact
4. How to Report
Send your report to security@intrudr.io with:
- A clear description of the vulnerability
- Step-by-step reproduction instructions
- An assessment of the potential impact
- Your contact information (for follow-up)
- Any proof-of-concept code or screenshots
If your report contains sensitive data, request our PGP key at the email above before sending.
5. Our Commitments
- Acknowledge your report within 48 hours
- Provide status updates as we investigate and remediate
- Notify you when the vulnerability is patched
- Credit you in our security acknowledgements (if you wish)
6. Safe Harbor
We will not pursue legal action against researchers who act in good faith in accordance with this policy. We consider responsible security research to be a valuable contribution to the security of our platform and our users.
7. Contact
Report a vulnerability: security@intrudr.io