Coordinated Vulnerability Disclosure
At Netra, security is not just our product—it is our core identity. We value the contributions of the security research community in helping us maintain the highest possible forensic standards.
Important: Accessing customer data is strictly prohibited. If you find a vulnerability in our marketing/engine infrastucture, do not attempt to exfiltrate identity-related metadata.
Report a Vulnerability
To report a security vulnerability, please email [email protected]. We encourage you to use PGP for sensitive reports.
We will acknowledge receipt within 48 hours and provide regular updates on the remediation status.
Our Commitment
- Safe Harbor: Netra will not pursue legal action against researchers who discover and report vulnerabilities responsibly within the scope of this policy.
- Transparency: We follow a 90-day disclosure window. Once a fix is verified, we will publicly acknowledge the researcher (with consent).
- Priority Calibration: Reports affecting our **License Engine** or **Forensic Code Integrity** are treated with P1 Priority.
Rules of Engagement
1. Do not use automated scanners against our production landing page (netrasecsol.com).
2. Do not use vulnerabilities to perform Denial of Service (DoS) attacks.
3. Do not engage in social engineering against Netra staff or customers.
Submit a Finding