At Lavelle Networks, security is a top priority. We are committed to protecting our users, systems, and data. We recognize that responsible disclosure of security vulnerabilities helps us ensure the safety and integrity of our platform. This Public Vulnerability Disclosure Policy (VDP) outlines how security researchers, ethical hackers, and other parties can report vulnerabilities in a responsible manner.
| Scope Details |
|---|
| All digital assets owned, operated, or maintained by Lavelle Networks. |
| Any vulnerabilities that could impact the confidentiality, integrity, or availability of our services and user data. |
| Reporting Guidelines |
|---|
| Submit the vulnerability report via LN-SIRT@LAVELLENETWORKS.COM. |
| Provide a detailed description of the vulnerability, including steps to reproduce it. |
| Do not publicly disclose the vulnerability before we have had the opportunity to investigate and remediate it. |
| Avoid privacy violations, data destruction, or service disruption while testing. |
| Expectations |
|---|
| Act in good faith and avoid harming users or the organization. |
| Not exploit the vulnerability beyond what is necessary for validation. |
| Allow reasonable time for remediation before public disclosure. |
| Our Commitments |
|---|
| Acknowledge receipt within 48 hours to 96 hours. |
| Assess and prioritize the report based on its severity. |
| Provide updates on remediation progress where applicable. |
| Credit researchers publicly (if desired) upon successful resolution of the issue. |
| Safe Harbor Statement |
|---|
| We will not take legal action against researchers who follow this policy in good faith. |
| Actions that violate applicable laws or involve malicious intent are not protected under this policy. |
| Out of Scope Issues |
|---|
| Reports based on outdated or unsupported software. |
| Denial-of-service attacks. |
| Social engineering, phishing, or spam. |
| Clickjacking or missing security headers that do not pose a critical risk. |
To report a vulnerability, please reach out to our security team at LN-SIRT@LAVELLENETWORKS.COM.