
Security Disclosure

Vulnerability Disclosure Policy // VDP 1.0

CortexEDR values the contribution of the security research community. If you have discovered a potential security vulnerability, we invite you to report it through our disclosure process.

Guidelines for Researchers

To maintain a collaborative and responsible disclosure environment, we request that researchers:

  • 01. Notify us immediately upon discovery of a potential vulnerability.
  • 02. Provide detailed reproduction steps to facilitate rapid triage and mitigation.
  • 03. Avoid any action that could degrade platform performance or result in data exfiltration.
  • 04. Maintain confidentiality until a fix has been deployed and validated.

Reporting Process

Please submit all security findings to **security@cortex-edr.sys**. To facilitate rapid triage, your report should include:

  • Impacted system node, API endpoint, or architectural component.
  • Technical classification (e.g., RCE, SQLi, Auth Bypass, IDOR).
  • Deterministic reproduction steps and a Proof-of-Concept (PoC).
  • Potential impact assessment on platform integrity or user data.

Operational Service Level Objectives (SLOs)

CortexEDR maintains a high-priority incident response pipeline for security disclosures:

  • Acknowledge: < 12 Hours
  • Technical Triage: < 48 Hours
  • Resolution Goal: SLA Dependent

Researcher Safe Harbor

CortexEDR will not pursue legal action against researchers who comply with this policy. We consider activities conducted under these guidelines to be "authorized" access under the Computer Fraud and Abuse Act (CFAA) and other relevant anti-hacking laws.

Express Exclusions

The following activities are strictly prohibited and fall outside the scope of Safe Harbor:

  • Destructive testing or Denial of Service (DoS/DDoS) attempts.
  • Social engineering, phishing, or physical security breaches.
  • Accessing, modifying, or retaining any data that does not belong to you.