Vulnerability Disclosure Policy

1. Our Commitment

Fluxorus Networks, LLC values the security community. We welcome reports of security vulnerabilities and will work with researchers who report them responsibly under this policy.

2. Scope

This policy covers Fluxorus-operated systems, including our website, customer portal, and public-facing infrastructure. It does not authorize testing of customer-controlled servers or content, third-party services, or any activity that would disrupt service.

3. How to Report

Email security@fluxorus.com with a clear description, steps to reproduce, affected URLs or components, and any proof-of-concept. Our contact details are also published at /.well-known/security.txt. Please allow us reasonable time to investigate and remediate before any public disclosure.

4. Safe Harbor

If you make a good-faith effort to comply with this policy during your research, we will consider your testing authorized, will not pursue or support legal action against you for it, and will work with you to understand and resolve the issue quickly. If legal action is initiated by a third party against you for activity that complied with this policy, we will make this authorization known.

5. Guidelines

• Do not access, modify, or delete data that is not yours
• Do not degrade, disrupt, or test the availability of services (no DoS)
• Use only your own test accounts
• Stop and report immediately if you encounter customer data
• Keep details of any vulnerability confidential until resolved

6. Out of Scope

• Volumetric or denial-of-service testing
• Social engineering of staff, customers, or vendors
• Physical attacks against facilities
• Reports from automated scanners without a demonstrated impact
• Customer-hosted content and third-party services

7. Contact

Security reports: security@fluxorus.com