Responsible Disclosure
VectorVue by Nyxera Labs — Website Security Disclosure
This repository hosts the public marketing website only. It does not contain production services or customer environments.
Scope
In scope:
- Website content integrity issues
- Dependency vulnerabilities affecting this repository
- Misconfigured security headers
- CDN delivery or cache poisoning issues
- TLS or transport security problems
- Build or deployment pipeline compromise risks
Out of scope:
- Theoretical best-practice suggestions
- SEO issues
- Missing headers without demonstrable impact
- Social engineering attempts
- Issues requiring browser extensions
Platform security is managed under Nyxera Labs' coordinated disclosure program.
Reporting a Vulnerability
Please report responsibly via email:
security@nyxera.cloud CC: founder@nyxera.cloud
Include:
- clear description
- reproduction steps
- impact assessment
- proof of concept (if safe)
- your contact information
Do NOT open public GitHub issues for security vulnerabilities.
Disclosure Policy
We follow coordinated disclosure:
- Acknowledge within 72 hours
- Validate and triage
- Remediate
- Credit researcher (optional)
- Publish notice when appropriate
Safe Harbor
Good-faith research conducted within defined scope is considered authorized.
Research expectations:
- Avoid data destruction
- Avoid service disruption
- Do not access other users' data
- Respect rate limits
Security Philosophy
VectorVue by Nyxera Labs is built on the principle that trust must be verifiable.
Responsible disclosure helps maintain that trust.
Thank you for helping improve security.