Responsible disclosure

Report a security issue safely.

If you believe you found a vulnerability in Velrin, send a clear report so we can reproduce, assess, and remediate the issue without disrupting production or exposing user data.

Security intake

What helps us act faster?

01
Reproducible steps

Numbered actions, affected URL, role, and environment.

02
Impact explanation

What data, permission, workflow, or user action is affected.

03
Evidence

Screenshots, request IDs, timestamps, logs, or console errors.

04
Safe coordination

No public disclosure until the issue has been reviewed and resolved.

Primary contact: security@velrin.com

Reporting guide

Send the details that make the report actionable.

A strong report should help us reproduce the issue quickly, understand the business impact, and identify the safest remediation path.

01

Document the issue

Capture the affected page, endpoint, account role, browser, timestamps, and the exact behavior you observed.

02

Explain the risk

Describe what an attacker could access, change, bypass, or disrupt if the issue were exploited.

03

Include safe proof

Provide screenshots, redacted requests, console errors, or logs without exposing unrelated user data.

04

Coordinate disclosure

Give us time to triage, fix, and validate before discussing the issue publicly.

Safe testing boundaries

Help us protect Velrin without disrupting operations.

Security research should be limited, targeted, and non-destructive. Test only against accounts, workspaces, and data you own or are explicitly authorized to use.

In scope for reporting

  • Authentication and authorization weaknesses
  • Privilege escalation or role bypass
  • Data exposure affecting confidentiality
  • Unsafe input handling or injection risks
  • Session, access, or workflow control issues

Do not perform

  • Denial-of-service, stress, or load testing
  • Social engineering, phishing, or impersonation
  • Accessing or changing another user’s data
  • Destructive testing or data deletion
  • Public disclosure before remediation is complete

Response process

What happens after you report?

We follow a clear intake path so vulnerability reports stay structured, accountable, and reviewable.

01

Acknowledge

We confirm receipt and ask for clarifying details if the report needs more context.

02

Triage

We reproduce the issue, assess severity, and identify the affected product area.

03

Remediate

We prepare and validate the fix in a controlled way before release.

04

Verify

We confirm the vulnerability is resolved and close the report with final notes.

Suggested report format

Use a clean structure in your email.

You do not need to use this format exactly, but these fields help us move faster and avoid back-and-forth.

Subject: Vulnerability Report — Velrin

Summary:
Affected area:
Account role used:
Steps to reproduce:
Expected result:
Actual result:
Potential impact:
Evidence:
Suggested remediation, if any:
Disclosure coordination notes:

Security contact

Ready to submit a report?

Send your report to security@velrin.com with enough detail to reproduce safely. For general product or access questions, use the contact page instead.