We believe in the power of the community. If you see something, say something. We are committed to working with researchers to make the internet safer for everyone.
Our commitment to Safe Harbor and transparency.
Legal Protection. We will not take legal action against researchers who discover and report vulnerabilities in accordance with our guidelines. Your good faith efforts are protected.
PGP Required. All vulnerability reports must be encrypted using our dedicated security team PGP key. We protect your identity and the details of the submission.
Rewards for Impact. We offer competitive bounties for critical vulnerabilities in VayuOS core, kernel, and cloud infrastructure. Payouts are based on CVSS severity and business impact.
90-Day Disclosure. We adhere to the industry standard 90-day disclosure deadline. We aim to patch critical issues within 14 days and coordinate public release with you.