Security
Bug bounty and responsible disclosure
Inferix welcomes responsible security research. If you discover a potential vulnerability, report it through our security channel so we can investigate and remediate quickly.
Program rules
- Only test against accounts and assets you own or are authorized to assess.
- Do not access, modify, or exfiltrate other users' data.
- Avoid denial-of-service, social engineering, and physical attacks.
- Provide reproducible steps, impact details, and suggested mitigations where possible.
- Give Inferix reasonable remediation time before any public disclosure.
Submission details
Include affected URL/API path, proof-of-concept steps, expected versus observed behavior, and impact severity.
For sensitive findings, use encrypted disclosure details as described in /.well-known/security.txt.
Enterprise customers can also coordinate through their assigned support and security contacts.