Security & Responsible Vulnerability Disclosure

At Sorce, we take the security of our systems and our users seriously and appreciate the efforts of security researchers who act in good faith.

Sorce does not currently operate a formal bug bounty or public vulnerability disclosure program. However, we do welcome responsible reports of potential security issues.

If you believe you have identified a security vulnerability, please email and include a description of the issue, affected components, and steps to reproduce in your initial report.

We ask that reports are made in good faith and that vulnerabilities are not acted upon or publicly disclosed while we review them.

We appreciate responsible disclosure and will review good-faith reports as appropriate.