Last updated: 4 July 2026
RESPONSIBLE DISCLOSURE AND SECURITY POLICY
Article 1. Purpose
1.1VylorNode values reports of security issues.
1.2This policy describes how researchers can safely report vulnerabilities.
1.3The aim is to resolve issues without harm to customers or systems.
Article 2. Contact
2.1Report security issues via: abuse@vylornode.com
2.2Use the subject: Responsible Disclosure - short description.
Article 3. What we ask
3.1Do no harm.
3.2Do not abuse vulnerabilities.
3.3Do not view, modify or delete data belonging to others.
3.4Do not place malware.
3.5Do not perform DDoS, stress testing or social engineering.
3.6Do not publicly disclose before VylorNode has had reasonable time to resolve the issue.
3.7Provide sufficient information for us to reproduce the issue.
Article 4. Permitted research
4.1Research on your own account and your own services.
4.2Limited limited demonstration without data exfiltration.
4.3Reporting vulnerabilities in the website, panel, API or configuration.
Article 5. Not permitted
5.1DDoS or load testing.
5.2Phishing or social engineering.
5.3Physical attacks.
5.4Placing malware.
5.5Brute forcing.
5.6Downloading data from other customers.
5.7Maintaining persistent access.
5.8Selling or leaking vulnerabilities before they are reported.
Article 6. What we promise
6.1We confirm receipt where possible within 5 business days.
6.2We investigate the report.
6.3We keep the reporter reasonably informed.
6.4We do not take legal action against good-faith reporters who comply with this policy.
6.5We may thank or credit the reporter if desired, but we do not offer a standard bug bounty unless agreed in writing.
Article 7. Report format
A good report includes:
- a. description
- b. impact
- c. steps to reproduce
- d. affected URL/IP/API
- e. screenshots or logs
- f. proposed solution
- g. contact details.
Article 8. Classification
VylorNode may classify reports as:
- a. Critical
- b. High
- c. Medium
- d. Low
- e. Informational.
Article 9. Publication
9.1Publication is only allowed with permission from VylorNode.
9.2VylorNode asks researchers not to disclose details while customers are at risk.
