Vulnerability Disclosure
Security contact: [email protected].
Reporting A Vulnerability
If you believe you found a vulnerability in Enji Guard, the Enji Fleet agents orchestrator, or related Enji infrastructure, contact [email protected].
Please include:
- affected URL, endpoint, repository, or component;
- a clear description of the issue;
- reproduction steps;
- impact assessment;
- screenshots or logs if helpful;
- your contact information.
Do not include secrets, customer data, or destructive payloads unless strictly necessary to explain the issue.
Safe Harbor Expectations
Keep testing limited to your own account and assets you are authorized to test.
Do not:
- access, modify, delete, or exfiltrate other users’ data;
- perform denial-of-service or load testing;
- run credential stuffing, phishing, or social engineering;
- install malware or persistence;
- scan unrelated infrastructure;
- publicly disclose the issue before Enji has had a reasonable chance to respond.
Response
Enji will make a best-effort attempt to acknowledge reports and investigate validated security issues.
No bounty, reward, or payment is promised unless a separate written program is published.