Responsible Disclosure.

Scope

This policy applies to vulnerabilities affecting vektraindustries.com, K.O.D.A. subdomains operated by us, and our public open-source repositories, including work related to ILO where maintained by Vektra Industries.

How to report

Please send reports to security@vektraindustries.com with a clear description, affected asset, reproduction steps, and a proof of concept where possible.

What we promise

We will acknowledge receipt of good-faith reports within 5 business days. If your research is conducted lawfully, in good faith, and without privacy violations or service disruption, we will not pursue legal action solely for the report.

We are also glad to credit researchers for valid reports, on request, after a fix or mitigation is in place.

Out of scope

The following are out of scope for this policy: denial-of-service testing, social engineering, phishing, physical attacks, spam, and any testing that accesses, modifies, or destroys data beyond what is necessary to demonstrate a vulnerability.