INIGO LABS, INC. SECURITY DISCLOSURE POLICY
Inigo is committed to security. As a software company providing security defenses, we have the obligation to do our best to ensure all Inigo’s products are highly resilient and secure. While we perform our own penetration tests and follow security best practices from the very early stages of our product development, software bugs are inevitable. As such, it is in our best interest to perform due diligence when it comes to triaging and fixing security lapses that may surface in our products over time.
If you discover a security flaw in our product, we appreciate your cooperation in responsibly investigating and reporting it to us privately so that we can address it as soon as possible.
Reporting a Vulnerability
Should you identify security vulnerabilities, you can reach out to our security team over email at [email protected], or alternatively by filling out our security disclosure Google Form.
Here are some guidelines on how to compose a vulnerability report to Inigo:
- A description of the vulnerability found by the security researcher.
- Identification of the vulnerability's location and the potential impact (API endpoint, IP address, DNS name, etc.).
- Reports should provide a detailed technical description of the steps required to reproduce the vulnerability. screenshots and proof-of-concept code are all helpful for our team during triage.
Inigo may contact security researchers for clarification purposes on the reported vulnerability information or other technical interchanges. Currently, we do not offer bounties for disclosure.
Our team will triage your report and reach out to you once we have determined the necessary course of action. Inigo reserves the right to decide when and how security issues are addressed, but we always welcome mitigation proposals.
