Security

Responsible Disclosure

We take security seriously. If you find a vulnerability in CTI Platform, please report it to us privately so we can address it before it becomes a risk to our users.

Security Contact

Report vulnerabilities by email. Please include a clear description and reproduction steps. We respond to all valid reports.

What to include in your report

  • Description — what the vulnerability is and what it allows an attacker to do.
  • Reproduction steps — a clear, minimal sequence of steps to trigger the issue.
  • Impact assessment — which data or users could be affected.
  • Proof of concept — screenshots, request/response captures, or a working exploit (optional but helpful).
  • Your contact details — so we can follow up and credit you if appropriate.

Our response commitment

  • Initial acknowledgement: we confirm receipt of your report within 1 business day.
  • Triage and assessment: we assess severity and confirm whether the report is valid within 5 business days.
  • Fix and disclosure: we aim to fix critical and high-severity issues within 30 days, and we coordinate disclosure timing with you.

Safe harbor

We will not pursue legal action against researchers who discover and report vulnerabilities in good faith, provided that:

  • You do not access, modify, or exfiltrate data belonging to other users.
  • You do not perform denial-of-service attacks or disrupt live service.
  • You report the issue to us before any public disclosure.
  • You give us reasonable time to fix the issue before disclosure.

Out of scope

  • Social engineering attacks against our team or users.
  • Physical attacks against infrastructure or personnel.
  • Spam, phishing, or denial-of-service attacks.
  • Findings from automated scanners without evidence of exploitability.
  • Vulnerabilities in third-party services not under our control.

Incident escalation

For active incidents, platform outages, or urgent security events, contact the security address described above (the same one used for vulnerability reports) and include [URGENT] in the subject line. We monitor this address continuously.

For general support and non-security questions, see your onboarding contact or the platform's support escalation policy.