# Vulnerability disclosure policy Do you think you’ve found a security flaw in Napses Technologies Pvt. Ltd. managed assets, service or one of our related projects? Read below for how to responsibly report it! ## Reporting a Vulnerability - Our [security.txt](https://mvprockets.com/.well-known/security.txt) file. Taking the time to report a security vulnerability to us is greatly appreciated, and we will use every resource at our disposal to respect your time during the reporting process. When reporting an issue, please provide **as much information** as possible, but at least: - The asset or resource details where you identified the vulnerability - A detailed description of the vulnerability with steps to reproduce - If appropriate, please include a proof of concept (plaintext only; no binaries) - Please also include your recommended remediation(s), if any, or any other concerns. **Do Not Send:** Sensitive or personal information. Our employees will attempt to respond to and confirm your report within 2-3 days, but if you believe your report to be critical to user safety and security, please note as such in the subject. We are fortunate enough for our clients to be relying on the expertise of the Napses Technologies Pvt. Ltd., and we take security very seriously. Example Report - **Title**: Flaw in mouse_pretend_website allows cat_catch_mouse from seeing mouse_details - **Application** (list all services or application tested or believed to be impacted): - **Description**: I am able to view cat_catch_mouse details. When I use the cat_resident_application: [root@localhost ~]# curl https://cat_resident_application/cat_catch_mouse { "mouse_captured": ["1", "2"], } - **Steps to Reproduce**: < insert all the steps that are necessary to reproduce the error. For example: > 1. Visit https://cat_resident_application/cat_catch_mouse 2. Modify the cookie "Auth" with "let-me-in" 3. Post to https://cat_resident_application/alma_cat with the cookie 4. Call https://cat_resident_application/cat_catch_mouse?list-all-mice - **Expected Result**: It should block me with "No mice here". - **Actual Result**: It provides a list of all mices cat has captured. - **Severity**: Urgent ## Where to Report For any issue that requires a coordinated release, send your report to incident@napses.com directly so we can coordinate a responsible patch and release.