
Vulnerability Disclosure Policy

How security researchers and customers should report suspected vulnerabilities in openCenter systems or services.

A public trust program needs a clear path for good-faith reporting. This page is that path for researchers, customers, and partners who identify a possible security issue.

It is not permission for unrestricted testing. Coordinated disclosure still matters because openCenter has to protect customers, infrastructure, and other users while a report is being verified.

Last updated May 21, 2026

Purpose

Provides a coordinated reporting path, outlines safe-harbor expectations, and explains how openCenter handles inbound security reports.

  • Primary audience: Security researchers, customers, partners
  • Reporting path: Use the website contact form and label the message as a security report
  • Safe harbor: Good-faith, non-destructive testing coordinated with openCenter will be handled responsibly
  • Out of scope: Disruptive testing, social engineering, or unauthorized access attempts

Coordinated reporting

Researchers should send enough technical detail to reproduce the issue without publicly disclosing it before remediation.

Good-faith expectation

openCenter wants reports that minimize privacy impact, service disruption, and data access outside what is strictly necessary.

Clear boundary

This page is the right channel for disclosure, while the Acceptable Use Policy defines what unapproved testing cannot do.

How to Report
  • Use the website contact form and clearly mark the message as a security vulnerability report.
  • Include affected component or URL, reproduction steps, impact assessment, and any supporting logs or screenshots that do not expose unrelated customer data.
  • Provide a secure callback address so openCenter can coordinate validation and remediation updates.
Researcher Expectations
  • Avoid privacy-invasive, destructive, or denial-of-service techniques.
  • Do not access, modify, or retain data that is not necessary to demonstrate the issue.
  • Do not publicly disclose the issue until openCenter has had a reasonable opportunity to investigate and remediate it.
openCenter Commitments

openCenter will review good-faith reports, work to validate credible issues, and coordinate follow-up with the reporter where possible.

If the report concerns a customer environment or a service under contract, openCenter may route the response through the affected customer account and operational processes.