Vulnerability Disclosure Program

How to Report a Vulnerability (Security Contact)

If you believe you have discovered a security issue, please report it privately to our security contact:

security@testseed.com

Include a clear description, affected product or endpoint, steps to reproduce, and potential impact. No login is required, and there is no captcha.

Scope for SaaS Security Reporting

The following areas are in scope for this vulnerability disclosure program:

• TestSeed web application and public APIs.
• Authentication and authorization flows.
• Documentation-related security issues.

Out of scope: social engineering, denial of service, physical attacks, or issues requiring access to customer credentials.

Responsible Disclosure Guidelines

We ask researchers to avoid accessing customer data or disrupting services. Coordinated disclosure protects all users and accelerates remediation.

• Do not access or modify customer data.
• Avoid service disruption or automated scanning at scale.
• Allow reasonable time for investigation and fixes.
• Do not publicly disclose issues before a fix is available.

Safe Harbor for Security Research

TestSeed considers safe harbor security research conducted in good faith and in accordance with this policy to be authorized.

• Follow this disclosure process.
• Limit testing to proof of concept.
• Do not violate privacy or intentionally disrupt services.

Safe harbor applies only to TestSeed-owned systems.

Bug Bounty Status

TestSeed does not currently operate a paid bug bounty program. We still value responsible disclosure and will acknowledge valid reports that improve our security posture.