Security — Report a vulnerability
Responsible vulnerability disclosure policy
The security of JORYX and of our customers' data is a priority. If you believe you have discovered a security flaw, we thank you for reporting it in a responsible and confidential manner, so that we can fix it before any public disclosure.
How to report
Write to contact@joryx.fr (see also /.well-known/security.txt). Please include:
- a clear description of the vulnerability and its impact;
- the steps to reproduce it (URL, requests, screenshots);
- your contact details for the exchange.
Scope
The JORYX services (site, application, API) are concerned. Out of scope: denial-of-service attacks (DoS/DDoS), social engineering, spam, physical testing, and any test likely to degrade the service or access others' real data.
Our commitments
- an acknowledgement of receipt within a few business days;
- a diligent assessment and handling, with a timely fix;
- a coordinated disclosure: we agree together on the timing of any publication, after the fix;
- we keep you informed of progress.
Good-faith commitment (safe harbor)
If you conduct your research in good faith, in compliance with this policy (no impairment of availability, no access to or exfiltration of others' data, no premature disclosure), we undertake not to take legal action against you and to handle your report collaboratively.
Publisher
JORYX is published by C4J, Creuzier-le-Neuf (Allier). See also our legal notice and our GDPR commitment.