Report a Security Vulnerability

If you believe you’ve found a security issue in Velrin, responsible disclosure helps us protect every workspace.

  • security@velrin.com
  • Responsible disclosure
  • No public posting before a fix

Quick Reporting Guide

Send details that let us reproduce the issue safely, assess impact, and fix it without disrupting production.

Step 1

Confirm and document

Stop once you can reliably reproduce. Capture clean steps, exact URLs, and expected vs actual behavior.

  • Repro steps + screenshots
  • Account role (admin/user) if relevant
  • Impact description

Step 2

Email us securely

Send a report to security@velrin.com. Include enough detail to reproduce without guesswork.

  • Subject: “Vulnerability Report — Velrin”
  • Time discovered + environment notes
  • Any logs / request IDs

Step 3

Allow time to fix

We’ll triage, reproduce, and prioritize remediation. Please avoid public disclosure until we confirm resolution.

  • Triage and severity assessment
  • Fix + verification
  • Closure confirmation

What to include

  • Clear reproduction steps (numbered)
  • Affected page/endpoint and parameters
  • Expected vs actual result
  • Business impact (what could an attacker do?)
  • Screenshots, console errors, request IDs, logs

Scope and boundaries

In scope

  • Authentication / authorization issues
  • Data exposure risks (read access)
  • Privilege escalation
  • Injection and unsafe input handling

Out of scope

  • DoS / load testing / stress testing
  • Social engineering or phishing attempts
  • Accessing or modifying other users’ data
  • Destruction of data or service disruption

What happens next

A clear sequence from intake to closure so reporting stays predictable and accountable.

Acknowledge

We confirm receipt and request clarifying details if needed.

Triage

We reproduce, assess severity, and determine the right fix path.

Fix

We implement remediation and validate the patch in a controlled way.

Verify and close

We confirm resolution and close the report with final notes.

Safe testing expectations

Test only against accounts and data you own. Avoid accessing other users’ information, avoid disruption, and stop once you can demonstrate the issue. If you’re unsure whether a test is safe, email us first at security@velrin.com.