Responsible Disclosure Policy

Guidelines for reporting security vulnerabilities and coordinating disclosure

Effective Date: January 1, 2025

At Zyenra Security, we are committed to advancing cybersecurity through ethical research and responsible vulnerability disclosure. We recognize the importance of coordinated communication between researchers, vendors, and affected parties to ensure vulnerabilities are resolved without creating unnecessary risk to users or systems.

Our responsible disclosure process applies to vulnerabilities discovered in third-party or open-source software, products, and online services that are not directly owned or operated by our clients. Each report is handled confidentially and is intended to assist the vendor in understanding, verifying, and remediating the issue securely.

Disclosure Timeline

Once a vendor or maintainer has been notified, Zyenra Security allows a 90-day disclosure window before public release of technical details, unless:

  • The vendor releases a patch or advisory earlier, or
  • An alternate timeline is mutually agreed upon, or
  • Immediate disclosure is necessary to prevent active exploitation.

Secure Communication

For secure communication, Zyenra Security supports PGP encryption. Vulnerability reports and coordination requests can be directed to:

Zyenra Security reserves the right to publish validated vulnerabilities following responsible disclosure timelines, or once mitigation has been confirmed by the vendor.