Responsible Disclosure
How to report security vulnerabilities and our commitment to addressing them.
Reporting a vulnerability
We take security seriously and appreciate the work of security researchers who help us identify and address vulnerabilities.
How to report
Please report security vulnerabilities to:
security@northline.engineering
For sensitive reports, please use our PGP key available at /.well-known/security.txt
What to include
- Description of the vulnerability and potential impact
- Steps to reproduce the issue
- Any proof of concept code or screenshots
- Your contact information for follow-up
Our commitment
- Acknowledge receipt within 2 business days
- Provide an initial assessment within 10 business days
- Keep you informed of remediation progress
- Credit researchers who follow responsible disclosure
Scope
Our responsible disclosure policy covers:
- northline.engineering and associated subdomains
- Client-facing tools and applications we maintain
Note: Vulnerabilities in client systems should be reported directly to those organizations, not through this channel.