Security

Idunox Vulnerability Disclosure Policy

If you believe you have found a security issue affecting this website, report it privately and we will review it promptly.

How to report

Email info@idunox.com with:

  • A clear description of the issue and the affected URL.
  • Steps to reproduce, including any required headers, browsers, or devices.
  • The expected behavior and the observed behavior.
  • Proof-of-concept details only to the extent needed to verify the issue safely.

Scope

This policy covers the public Idunox corporate website and its staging/pre-production equivalents operated by Idunox.

It does not grant permission to access third-party systems, customer data, partner systems, or any environment you do not own or control.

Please do not

  • Use social engineering, phishing, or physical attacks.
  • Attempt denial-of-service, spam, resource exhaustion, or destructive testing.
  • Modify, delete, or exfiltrate data.
  • Publicly disclose the issue before we have had a reasonable chance to investigate and remediate it.

What to expect

We will aim to acknowledge receipt of a credible report within a reasonable time and keep the dialogue focused on verification and remediation. If we need more detail to reproduce the issue safely, we will ask for it.