We take the security of our platform and our users' data seriously. If you believe you've found a security vulnerability in Nucore Systems, we want to hear from you.
Please report any suspected security vulnerabilities responsibly and privately before disclosing them publicly. We ask that you give us reasonable time to investigate and address the issue.
Send all vulnerability reports to this address. We aim to respond within 5 business days.
Send a detailed email to [email protected] describing the vulnerability, including steps to reproduce, impact assessment, and any proof-of-concept if available.
For sensitive disclosures, we encourage you to encrypt your email. Please contact us first at [email protected] to request our PGP key.
We welcome reports on security issues affecting any of our core systems and properties.
Here's what happens after you submit a vulnerability report.
We confirm receipt of your report within 5 business days and assign it a tracking reference.
Our team triages and investigates the report. We may follow up with questions to better understand the issue.
We develop and deploy a fix. For critical vulnerabilities, we prioritize an expedited patch.
We coordinate with you on responsible public disclosure timing once the fix is live.
We ask that all security researchers follow these guidelines when investigating and reporting vulnerabilities.
Nucore Systems LLC will not pursue legal action against security researchers who discover and report vulnerabilities in good faith and in compliance with these guidelines. We consider responsible security research a valuable contribution to the security of our platform and our users. If you follow these guidelines, we consider your research authorized and will work with you to understand and remediate the issue quickly.
A detailed, well-structured report helps us triage and resolve issues faster.
Thank you for helping keep Nucore Systems and our users safe. Responsible disclosure makes the entire platform more secure for everyone.
Our security.txt is available at
https://www.nucoresys.com/.well-known/security.txt