Responsible Disclosure Policy

Security vulnerability reporting guidelines

Overview

Veigar is committed to ensuring the security of our platform and protecting our users' data. We appreciate the security research community's efforts to help us maintain the highest security standards. This policy outlines our guidelines for responsible disclosure of security vulnerabilities.

Scope

In Scope

The following systems and applications are within the scope of this policy:

  • lendingwizard.com and all subdomains
  • Veigar web application
  • Veigar mobile applications
  • Veigar APIs
  • Any other services explicitly listed on our website

Out of Scope

The following activities are outside the scope of this policy:

  • Social engineering attacks against our employees
  • Physical security testing
  • Denial of service (DoS) attacks
  • Third-party services not owned by Veigar
  • Spam or social engineering content
  • Reports from automated scanners without verification

Vulnerability Categories

We are particularly interested in the following types of vulnerabilities:

Critical Vulnerabilities

  • Remote code execution
  • SQL injection
  • Authentication bypass
  • Privilege escalation

High Priority

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Insecure direct object references
  • Sensitive data exposure

Reporting Guidelines

How to Report

To report a security vulnerability, please email us at:

security@lendingwizard.com

Please include the following information in your report:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and exploitation scenarios
  • Screenshots or proof-of-concept code (if applicable)
  • Your contact information for follow-up questions

Safe Harbor

We consider security research conducted under this policy to be:

  • Authorized in accordance with applicable law
  • Conducted in good faith
  • Not in violation of any applicable law or regulation

As long as you comply with this policy, we will not initiate legal action against you for your security research.

Response Timeline

We are committed to responding to security reports in a timely manner:

  • Initial response: Within 24 hours of receipt
  • Triage and assessment: Within 72 hours
  • Regular updates: Every 5 business days until resolution
  • Resolution timeline: Varies based on complexity and severity

Recognition

We appreciate the security research community's contributions. Researchers who report valid vulnerabilities may be eligible for:

  • Recognition on our security acknowledgments page
  • Direct communication with our security team
  • Updates on the resolution progress
  • A letter of appreciation for significant findings

Note: We do not currently offer monetary rewards, but we deeply value the contributions of security researchers.

Responsible Disclosure Requirements

To qualify for safe harbor protection, security researchers must:

  • Not access, modify, or delete user data
  • Not disrupt or degrade our service performance
  • Not publicly disclose the vulnerability until we have addressed it
  • Provide us with reasonable time to investigate and resolve the issue
  • Not use the vulnerability for personal gain
  • Report the vulnerability only to us, not to third parties

Contact Information

For security-related inquiries, please contact our security team at security@lendingwizard.com. For non-security issues, please use our regular support channels.