Responsible Disclosure
WitnessOps responsible disclosure policy for security vulnerabilities.
Report vulnerabilities to security@witnessops.com.
This is the canonical security contact. If plus-addressing is enabled, security+witnessops@witnessops.com may be used as a receive-only alias, but it does not replace the canonical mailbox.
We aim to acknowledge security reports within 72 hours and coordinate remediation before disclosure when practical.
Do not perform destructive testing, denial-of-service activity, data exfiltration, or access outside authorized scope. If scope is unclear, stop and report.
For the broader security posture and verification continuity details, see Security.
Source: content/witnessops/support/responsible-disclosure.mdx