Security
Found something? Tell us before you tell the world.
We build protection for a living, which means we are a target and we know it. If you have found a weakness in anything we ship, this page is how you reach us.
01 — How to report
Email it. Encrypted if you want.
This channel is not published yet.
Rather than print an address that might bounce, we would rather say it is not ready. Until it is, send it to info@valtur.tech with "security" in the subject and it will be routed.
02 — What we ask
Give us time, and stay inside your own lane.
Disclosure window
from first report
90 days, or when a fix ships
Test only what is yours
your own apps, your own accounts
never another tenant's
Do not take data
if you reach data that is not yours
stop, and tell us what you saw
Out of scope
denial of service, spam, social engineering
not accepted, and not protected
There is no bounty. We are a small company and we would rather tell you that than imply one and haggle later. What you get is a real answer from an engineer, credit if you want it, and a fix.
Scope
What this covers.
valtur.tech and the software we publish. RaspLab is a Valtur Technologies product and reports about it reach the same engineers, though it carries its own terms at rasplab.io.