Vulnerability Disclosure

Safe Harbor Policy

Erogen AI is committed to ensuring the security of our systems and data.

All vulnerability disclosures should be sent to security@erogen.ai. Please note that all disclosures are strictly private and confidential. In return, we offer a safe harbor policy for ethical security research and vulnerability disclosures on Erogen web and digital assets.

Due to the volume of reports and the size of our team, we kindly request up to 7 days to acknowledge the vulnerability report, and up to 14 days to triage, analyze, and confirm the legitimacy of your vulnerability report, though we expect most timeframes will be much shorter in practice. We aim to address and patch all vulnerabilities based on their assessed severity and criticality within an appropriate timeframe and will communicate with you throughout the process.

It is important to note that any attempts to attack, exploit, or overload our systems are strictly prohibited. Such actions fall outside the scope of responsible vulnerability disclosure and will not be tolerated. We expect all security researchers to conduct their activities in a manner that is ethical and in good faith.

Unauthorized access, data exfiltration, and any form of denial-of-service attacks are expressly forbidden and will result in immediate disqualification from our safe harbor policy. We value your cooperation in ensuring the integrity of our systems.

Additionally, all encountered data, including user and AI character data, must be demonstrably deleted after the vulnerability is confirmed to be patched. All data and any copies must not be retained on any systems of your own. Compliance with this requirement is essential to maintain safe harbor protections for yourself and the confidentiality and privacy of our users.

Any violation of our vulnerability disclosure policies will result in the immediate removal of safe harbor protections. We reserve the right to take appropriate actions, including legal measures, against individuals who breach these terms.

While we do not offer bounties for vulnerability disclosures, we may consider awarding bounties in extraordinary cases.

Top Vulnerability Reporters

Once your vulnerability report has been confirmed and patched by our team, we will coordinate with you to add you to our leaderboard. This recognition is our way of thanking you for helping us improve the security of Erogen AI.

  • Saperoi
    1 High Severity Report