← omniguardlabs.com

Responsible Disclosure Policy

We welcome reports from security researchers. This page tells you how to reach us and what to expect.

How to report

Email security@omniguardlabs.com (also listed in our security.txt). Include a clear description, affected asset/URL, reproduction steps, and — in the OmniGuard spirit — a proof of impact where possible. Encrypt sensitive details on request.

Scope

OmniGuard Labs web properties and the OmniAudit platform. Please do not test against third-party services, other customers, or production data you do not own.

Rules of engagement

Act in good faith, avoid privacy violations and service disruption, do not exfiltrate data beyond what is needed to demonstrate a finding, and give us reasonable time to remediate before any public disclosure. We will not pursue researchers who follow this policy.

What to expect

We acknowledge reports promptly, keep you updated on remediation, and credit researchers who wish to be named once a fix ships.

We will never

Ask you for private keys, seed phrases, passwords, or funds. Any message doing so is not from us. We reply only from a verified @omniguardlabs.com address (DMARC-protected).