Valtur Technologies

Security

Found something? Tell us before you tell the world.

We build protection for a living, which means we are a target and we know it. If you have found a weakness in anything we ship, this page is how you reach us.

01 — How to report

Email it. Encrypted if you want.

This channel is not published yet.

Rather than print an address that might bounce, we would rather say it is not ready. Until it is, send it to info@valtur.tech with "security" in the subject and it will be routed.

02 — What we ask

Give us time, and stay inside your own lane.

Disclosure window

from first report

90 days, or when a fix ships

Test only what is yours

your own apps, your own accounts

never another tenant's

Do not take data

if you reach data that is not yours

stop, and tell us what you saw

Out of scope

denial of service, spam, social engineering

not accepted, and not protected

There is no bounty. We are a small company and we would rather tell you that than imply one and haggle later. What you get is a real answer from an engineer, credit if you want it, and a fix.

Scope

What this covers.

valtur.tech and the software we publish. RaspLab is a Valtur Technologies product and reports about it reach the same engineers, though it carries its own terms at rasplab.io.

Our own validation work is restricted to applications we own, infrastructure we own, and lab devices we are authorized to use. No third-party targets are in scope, on any engagement. We expect the same of you.