Security Vulnerability Disclosure

Thank you for your interest in helping keep Cloudventory secure. We take security seriously and appreciate the efforts of security researchers and users who report vulnerabilities to us.

Reporting a Vulnerability

If you believe you have found a security vulnerability in Cloudventory, please report it to us by emailing:

Please include the following information in your report:

• Description of the vulnerability and its potential impact
• Detailed steps to reproduce the issue
• Affected components, URLs, or features
• Proof-of-concept code or screenshots (if applicable)
• Your suggested fix or mitigation (if you have one)

Our Response Process

Responsible Disclosure Guidelines

We ask that security researchers:

• Provide us with reasonable time to address the issue before any public disclosure
• Do not access, modify, or delete user data without explicit permission
• Do not perform actions that could harm our service availability or user experience
• Do not exploit the vulnerability beyond what is necessary to demonstrate it
• Keep vulnerability details confidential until we have released a fix

Out of Scope

The following are generally considered out of scope:

• Social engineering attacks against Cloudventory employees or users
• Physical attacks against Cloudventory infrastructure or employees
• Denial of service attacks
• Spam or social media account takeovers
• Reports from automated tools without validation
• Issues in third-party services (AWS, Stripe, etc.)

Questions?

If you have questions about our security disclosure policy, please contact us at security@cloudventory.io