Responsible Disclosure

Send vulnerability reports to security@netrisk.io. Include affected URL, reproduction steps, potential impact, and whether any customer data may have been exposed.

Please do not access, modify, download, or disclose customer, vendor, token, evidence, or workspace data beyond what is necessary to demonstrate the issue.

NetRisk will acknowledge credible pilot vulnerability reports through the support process and prioritize issues affecting authentication, tenant isolation, secure links, evidence handling, or data exposure.

There is no public bug bounty or guaranteed reward program during Sprint 1 pilots.