Trust

Responsible Disclosure

If you believe you have found a security vulnerability in NetRisk, please report it responsibly so it can be reviewed and addressed.

Last updated: June 2, 2026
Version: 1.0
NetRisk is currently provided as a free limited beta. The service is experimental, may change, and is provided without warranties or service-level commitments.

Scope

This policy applies to vulnerabilities in the NetRisk.io public website and application services.

How to report

Send vulnerability reports to security@netrisk.io. Please include:

  • Description of the issue.
  • Steps to reproduce.
  • Affected URL or feature.
  • Potential impact.
  • Screenshots or proof of concept, if safe.
  • Your contact information.

Good-faith research

We ask researchers to:

  • Avoid accessing, modifying, deleting, or exfiltrating data.
  • Avoid disrupting the service.
  • Avoid social engineering, phishing, spam, or physical attacks.
  • Avoid testing third-party systems that are not owned or operated by NetRisk.
  • Report the issue promptly and privately.
  • Give reasonable time for review before public disclosure.

Prohibited testing

Do not perform denial-of-service testing, malware upload or execution, credential attacks, spam or phishing, attacks against users, vendors, or third parties, or attempts to access data that does not belong to you.

Response

NetRisk is currently a free beta, so response times may vary. We aim to review credible reports and prioritize fixes based on severity and risk.

Recognition

At this stage, NetRisk does not operate a paid bug bounty program. Recognition may be provided at our discretion.

Contact

Security reports: security@netrisk.io.

Contact

Questions about this page?

Contact NetRisk at security@netrisk.io or reach out through the contact page.
