Vulnerability Disclosure Policy
Aurelis Technology values the security research community and encourages responsible disclosure of potential vulnerabilities. This policy outlines how to report security issues and what to expect from us.
How to Report
If you believe you have found a security vulnerability, please report it to our security team. Include as much detail as possible — a description of the vulnerability, steps to reproduce, and any potential impact.
support@aurelistechnology.com
Encrypted communication available upon request
Scope
In Scope
- Aurelis Pricing Suite web application
- Aurelis API endpoints
- Authentication and authorization mechanisms
- Client-facing infrastructure components
Out of Scope
- ×Third-party services and integrations (report directly to the provider)
- ×Physical attacks against Aurelis offices or data centers
- ×Social engineering attacks against Aurelis employees
- ×Denial-of-service attacks
- ×Automated scanning or testing without prior authorization
Response Timeline
- Acknowledgment of receipt within 2 business days
- Initial assessment and severity classification within 5 business days
- Regular progress updates as the issue is being resolved
- Notification when the vulnerability has been remediated
Safe Harbor
Aurelis Technology supports good-faith security research. When conducting vulnerability research in accordance with this policy:
- We will not pursue legal action against researchers who follow this policy
- We will work with you to understand and resolve the issue promptly
- We will acknowledge your contribution (with your permission) once the issue is resolved
- We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it