Responsible Vulnerability Disclosure Program

At Hypatos, we take the security of our products seriously. New ways of attacking our products are constantly being developed. Because of this, we have created a vulnerability disclosure program for anyone who has found a vulnerability to share it with us.

Types of Testing

Hypatos has to strike a balance between protecting critical assets and giving researchers permission to test our systems. For this reason, we allow only the following types of vulnerabilities to be tested on (give address names).  

  • Remote code execution,
  • Any type of cross-site attack, such as XSS, CSRF, etc.,
  • SQL injection attacks.

We do not permit tests for DDoS or tests on third-party products.

How To Disclose The Vulnerability

To inform us of a potential vulnerability, please use this email address: disclosure@hypatos.ai. We will respond within 5 business days. In your initial disclosure, please give a description of the issue in text format (not PDF or EXE files) and contact details so that we can reach out to you. If we decide to investigate the vulnerability, we will require you to send proof-of-concept code (dump files will not be accepted). This phase can last a maximum of 180 days, during which you are obliged not to divulge the vulnerability publicly. After this time, we will discuss with you whether the vulnerability can be made public.